CVE-2024-11390
01.05.2025, 14:15
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victims browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.
Common Weakness Enumeration