CVE-2017-11481 - AskarLabs CVE Database

CVE-2017-11481

Vendor Elastic

Product Kibana

Weakness CWE-79 · XSS

Published December 8, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Key dates

02Disclosure timeline

December 8, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-11481

Related vulnerabilities

04Related CVE

CVE-2026-1252 Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field CVE-2022-41206 CVE-2025-12804 Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode CVE-2024-38156 Microsoft Edge (Chromium-based) Spoofing Vulnerability CVE-2023-31221 WordPress PDQ CSV Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)