Total: 40069 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3830 | 2 Elastic, Redhat | 2 Kibana, Openshift Container Platform | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2018-3823 | 1 Elastic | 3 Elasticsearch X-pack, Kibana X-pack, Logstash X-pack | 2025-12-03 | 3.5 LOW | 5.4 MEDIUM |
| X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructive actions on behalf of other ML users viewing the results of the jobs. | |||||
| CVE-2018-3818 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2018-3820 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2018-3821 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2017-11479 | 2 Elastic, Elasticsearch | 2 Kibana, Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2016-10366 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | |||||
| CVE-2015-9056 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | |||||
| CVE-2017-11481 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2017-8440 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | |||||
| CVE-2017-8439 | 1 Elastic | 1 Kibana | 2025-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. This bug could allow an attacker to obtain sensitive information from Kibana users. | |||||
| CVE-2024-43184 | 1 Ibm | 1 Jazz Foundation | 2025-12-02 | N/A | 6.1 MEDIUM |
| IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2025-51734 | 1 Hcltech | 1 Unica | 2025-12-02 | N/A | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0. | |||||
| CVE-2025-52667 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 5.4 MEDIUM |
| Missing JSON Content-Type header in a script in Revive Adserver 6.0.1 and 5.5.2 and earlier versions causes a stored XSS attack to be possible for a logged in manager user. | |||||
| CVE-2025-52668 | 1 Revive-adserver | 1 Revive Adserver | 2025-12-02 | N/A | 5.4 MEDIUM |
| Improper input neutralization in the stats-conversions.php script in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes potential information disclosure and session hijacking via a stored XSS attack. | |||||
| CVE-2025-65881 | | | 2025-12-02 | N/A | 6.1 MEDIUM |
| Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php. | |||||
| CVE-2025-65215 | | | 2025-12-02 | N/A | 6.1 MEDIUM |
| Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field. | |||||
| CVE-2025-65187 | | | 2025-12-02 | N/A | 6.1 MEDIUM |
| A Stored Cross Site Scripting vulnerability exists in CiviCRM before v6.7 in the Accounting Batches field. An authenticated user can inject malicious JavaScript into this field and it executes whenever the page is viewed. | |||||
| CVE-2025-63872 | | | 2025-12-02 | N/A | 6.1 MEDIUM |
| DeepSeek V3.2 has a Cross Site Scripting (XSS) vulnerability, which allows JavaScript execution through model-generated SVG content. | |||||
| CVE-2025-56526 | 1 Cinnamon | 1 Kotaemon | 2025-12-02 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF. | |||||
