Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: elastic

Published: 2017-12-08T18:00:00

Updated: 2024-08-05T18:12:39.948Z

Reserved: 2017-07-20T00:00:00

Link: CVE-2017-11481

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-12-08T18:29:00.240

Modified: 2024-11-21T03:07:52.520

Link: CVE-2017-11481

cve-icon Redhat

Severity : Moderate

Publid Date: 2017-12-06T00:00:00Z

Links: CVE-2017-11481 - Bugzilla