Medium severity6.1NVD Advisory· Published Dec 8, 2017· Updated May 13, 2026
CVE-2017-11481
CVE-2017-11481
Description
Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting (XSS) vulnerability via URL fields that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
Affected products
13cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:elastic:kibana:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:5.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:elastic:kibana:6.0.0:rc2:*:*:*:*:*:*
- (no CPE)range: before 6.0.1 and 5.6.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- discuss.elastic.co/t/kibana-6-0-1-and-5-6-5-security-update/110571nvdVendor Advisory
News mentions
0No linked articles in our index yet.