Description
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Remediation
References
https://discuss.elastic.co/t/elastic-stack-6-1-3-and-5-6-7-security-update/117683
Related Vulnerabilities
CVE-2021-41182 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2017-8045 Vulnerability in maven package org.springframework.amqp:spring-amqp
CVE-2012-6662 Vulnerability in maven package org.fujion.webjars:jquery-ui
CVE-2019-1003088 Vulnerability in maven package egor-n:fabric-beta-publisher
CVE-2019-10246 Vulnerability in maven package org.eclipse.jetty:jetty-util