CVE-2016-1000220 — Cross-site Scripting in Kibana

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 46.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 16

Latest updateMay 13

Description

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶NVDelastic/kibana4.1.0 — 4.1.11+1

GHSA

GHSA-v2wv-8cq6-22qw: Kibana before 4↗2022-05-13

▶

CVEList

CVE-2016-1000220: Kibana before 4↗2017-06-16

▶

Red Hat

kibana: XSS vulnerability ESA-2016-03↗2016-08-03

▶

Bugzilla

CVE-2016-1000220 kibana: XSS vulnerability ESA-2016-03↗2016-08-05

▶