Description
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.
Remediation
References
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2014-1869 Vulnerability in npm package zeroclipboard
CVE-2023-45136 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2019-10309 Vulnerability in maven package org.jenkins-ci.plugins:swarm
CVE-2017-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private
CVE-2017-2654 Vulnerability in maven package org.jenkins-ci.plugins:email-ext