CVE-2018-3821
MEDIUMKibana 5.1.1-5.6.7 - Cross-Site Scripting in Tag Cloud Visualization
Title source: llmDescription
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683
Scores
CVSS v3
6.1
EPSS
0.0037
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
elastic/kibana
5.1.1 - 5.6.7
Published
Mar 30, 2018
Tracked Since
Feb 18, 2026