Description
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763
http://www.securityfocus.com/bid/102734
Related Vulnerabilities
CVE-2023-3691 Vulnerability in maven package org.webjars.bower:layui
CVE-2023-29204 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore
CVE-2020-4077 Vulnerability in npm package electron
CVE-2018-20677 Vulnerability in maven package org.webjars.bowergithub.jasny:bootstrap
CVE-2014-0072 Vulnerability in npm package cordova-plugin-file-transfer