CVE-2017-8440 - AskarLabs CVE Database

CVE-2017-8440

Vendor Elastic

Product Kibana

Weakness CWE-79 · XSS

Published June 5, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

Key dates

02Disclosure timeline

June 5, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-8440 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-63057 WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability CVE-2025-68890 WordPress e-shops plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-39577 WordPress PropertyHive plugin <= 2.1.2 - Cross Site Scripting (XSS) Vulnerability CVE-2025-5258 Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter CVE-2024-10234 Wildfly: wildfly vulnerable to cross-site scripting (xss)

Identifiers

CVE CVE-2017-8440

CWE CWE-79

Affected versions

Vendor Elastic

Product Kibana

Affected 5.3.0 to 5.3.3

Vendor Elastic

Product Kibana

Affected 5.4.1