VYPR
Unrated severityNVD Advisory· Published May 1, 2025· Updated May 1, 2025

Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS

CVE-2024-11390

Description

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files.

The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.