CVE-2022-23713
MEDIUMKibana 7.0.0-7.17.4 - Stored Cross-Site Scripting in Vega Charts Integration
Title source: llmDescription
A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613
Vendor Advisory x_refsource_misc
https://www.elastic.co/community/security
Scores
CVSS v3
6.1
EPSS
0.0079
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
elastic/kibana
7.0.0 - 7.17.5
Published
Jul 06, 2022
Tracked Since
Feb 18, 2026