CVE-2018-3818
MEDIUM
Kibana 5.1.1-6.1.2 - Cross-Site Scripting via Colored Fields Formatter
Title source: llm
Description
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
References (2)
Core References
Vendor Advisory x_refsource_confirm
https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102734
Scores
CVSS v3: 6.1
EPSS: 0.0037
EPSS Percentile: 59.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1)
elastic/kibana
5.1.1 - 6.1.2
Published: Mar 30, 2018
Tracked Since: Feb 18, 2026