Description
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
References (1)
Core 1
Core References
Broken Link, Vendor Advisory
https://https://discuss.elastic.co/t/kibana-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-17/382451
Scores
CVSS v3
8.7
EPSS
0.0003
EPSS Percentile
8.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
elastic/kibana
7.0.0 - 8.18.8
Published
Oct 10, 2025
Tracked Since
Feb 18, 2026