WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3821 Vulnerability in npm package kibana

Description

Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683

Related Vulnerabilities

CVE-2021-41182 Vulnerability in maven package org.webjars.bower:jquery-ui

CVE-2017-8045 Vulnerability in maven package org.springframework.amqp:spring-amqp

CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui

CVE-2019-1003088 Vulnerability in maven package egor-n:fabric-beta-publisher

CVE-2019-10246 Vulnerability in maven package org.eclipse.jetty:jetty-util

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory