Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3818 Vulnerability in npm package kibana

Description

Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Remediation

References

http://www.securityfocus.com/bid/102734

https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763

Related Vulnerabilities

CVE-2019-10793 Vulnerability in npm package dot-object

CVE-2017-7525 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux

CVE-2021-23386 Vulnerability in npm package dns-packet

CVE-2019-14863 Vulnerability in maven package org.webjars.bower:angular

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory VDB Entry Vendor Advisory