CVE-2022-23713

Summary

A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.

Affected Software

VendorProductVersion RangeStatus
ElastickibanaVersions 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CVE Program Container

Additional References

References