MEDIUM🇬🇧 English

CVE-2020-7011

CVSS 6.1v3.1pub. 2020-06-03upd. 2024-11-21

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victim�s web browser.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Elastic App Search

    APP
    Elastic
    < 7.7.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2021-22140HIGH7.5ten sam produkt

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE...

CVE-2019-7609CRITICAL10.0⚠ KEVten sam vendor

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...

CVE-2015-1427CRITICAL9.8⚠ KEVten sam vendor

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...

CVE-2025-37729CRITICAL9.1PL ✓ten sam vendor

Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava

CVE-2025-25014CRITICAL9.1PL ✓ten sam vendor

Prototype Pollution w Kibana prowadzące do RCE przez HTTP