Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-10366

Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.

Published

2017-06-16T21:29:00.557

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application elastic kibana 4.3.0 Yes
Application elastic kibana 4.3.1 Yes
Application elastic kibana 4.3.2 Yes
Application elastic kibana 4.3.3 Yes
Application elastic kibana 4.4.0 Yes
Application elastic kibana 4.4.1 Yes
Application elastic kibana 4.4.2 Yes
Application elastic kibana 4.5.0 Yes
Application elastic kibana 4.5.1 Yes
Application elastic kibana 4.5.2 Yes
Application elastic kibana 4.5.3 Yes
Application elastic kibana 4.5.4 Yes
Application elastic kibana 4.6.0 Yes
Application elastic kibana 4.6.1 Yes
References