Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2016-1000220 Vulnerability in npm package kibana

Description

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.

Remediation

References

http://www.securityfocus.com/bid/99179

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2019-15658 Vulnerability in npm package connect-pg-simple

CVE-2023-30519 Vulnerability in maven package org.jenkins-ci.plugins:quayio-trigger

CVE-2019-18212 Vulnerability in maven package org.lsp4xml:lsp4xml-extensions

CVE-2016-4467 Vulnerability in maven package org.apache.qpid:proton-project

CVE-2021-23433 Vulnerability in npm package algoliasearch-helper

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory