Description
Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Remediation
References
http://www.securityfocus.com/bid/102734
https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763
Related Vulnerabilities
CVE-2020-7662 Vulnerability in npm package websocket-extensions
CVE-2018-12585 Vulnerability in maven package org.opcfoundation.ua:opc-ua-stack
CVE-2017-16184 Vulnerability in npm package scott-blanch-weather-app
CVE-2022-39203 Vulnerability in npm package matrix-appservice-irc
CVE-2021-35516 Vulnerability in maven package org.apache.commons:commons-compress