CVE-2022-23707
MEDIUMKibana 7.5.1-7.16.3 - Authenticated Stored Cross-Site Scripting in Index Patterns
Title source: llmDescription
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious javascript into the index pattern which could execute against other users
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://discuss.elastic.co/t/kibana-7-17-0-security-update/296215
Scores
CVSS v3
5.4
EPSS
0.0026
EPSS Percentile
49.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
elastic/kibana
7.5.1 - 7.17.0
Published
Feb 11, 2022
Tracked Since
Feb 18, 2026