Description
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683
Related Vulnerabilities
CVE-2020-11023 Vulnerability in npm package jquery
CVE-2012-0394 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2023-24446 Vulnerability in maven package org.jenkins-ci.plugins:openid
CVE-2021-32050 Vulnerability in npm package mongodb
CVE-2019-10378 Vulnerability in maven package org.jenkins-ci.plugins:testlink