CVE-2017-11481

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-11481
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11481.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-11481
Downstream
Related
Published
2017-12-08T18:29:00.240Z
Modified
2026-02-13T00:11:59.296933Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

References

Affected packages

Git / github.com/elastic/kibana

Affected ranges

Type
GIT
Repo
https://github.com/elastic/kibana
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
12d17c6d111705f0c0c29fbab66eb22eda31dcdf

Affected versions

v4.*
v4.0.0
v4.0.0-beta1
v4.0.0-beta1.1
v4.0.0-beta2
v4.0.0-beta3
v4.0.0BETA1
v4.1.0
v4.2.0-beta1
v5.*
v5.0.0-alpha5
v5.6.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-11481.json"