CVE-2024-11390
01.05.2025, 14:15
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victims browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.Enginsight
Vendor | Product | Version |
---|---|---|
elastic | kibana | 7.17.6 ≤ 𝑥 < 7.17.24 |
elastic | kibana | 8.4.0 ≤ 𝑥 < 8.12.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration