Home
HIGH: 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:NDefault status
unaffected
7.0.0 (semver)
affected
8.14.0 (semver)
affected
8.19.0 (semver)
affected
9.0.0 (semver)
affected
9.1.0 (semver)
affected
Description
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
Problem types
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Product status
7.0.0 (semver)
8.14.0 (semver)
8.19.0 (semver)
9.0.0 (semver)
9.1.0 (semver)
References
discuss.elastic.co/...1-5-security-update-esa-2025-20/382449
