CVE-2016-10366

MEDIUM

Kibana 4.3-4.6.2 - Cross-Site Scripting

Title source: llm

Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.

Core 1

Core References

Vendor Advisory x_refsource_confirm

CVSS v3 6.1

EPSS 0.0027

EPSS Percentile 50.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79

Status published

Products (15)

elastic/kibana 4.3.0

elastic/kibana 4.3.1

elastic/kibana 4.3.2

elastic/kibana 4.3.3

elastic/kibana 4.4.0

elastic/kibana 4.4.1

elastic/kibana 4.4.2

elastic/kibana 4.5.0

elastic/kibana 4.5.1

elastic/kibana 4.5.2

... and 5 more

Published Jun 16, 2017

Tracked Since Feb 18, 2026