WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3818 Vulnerability in npm package kibana

Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

http://www.securityfocus.com/bid/102734

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

Related Vulnerabilities

CVE-2017-16129 Vulnerability in npm package superagent

CVE-2018-12544 Vulnerability in maven package io.vertx:vertx-web-api-contract

CVE-2020-5280 Vulnerability in maven package org.http4s:http4s-server

CVE-2022-37616 Vulnerability in maven package org.webjars.npm:xmldom__xmldom

CVE-2016-10655 Vulnerability in npm package clang-extra

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory