Description
Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in the TSVB visualization. An attacker who is able to edit or create a TSVB visualization could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.
Remediation
References
https://www.elastic.co/community/security/
Related Vulnerabilities
CVE-2023-28668 Vulnerability in maven package org.jenkins-ci.plugins:role-strategy
CVE-2013-2067 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2012-5633 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2023-49674 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner
CVE-2020-9488 Vulnerability in maven package org.apache.logging.log4j:log4j-core