Unrated severityNVD Advisory· Published May 1, 2025· Updated May 1, 2025
Kibana Unrestricted Upload of File with Dangerous Type Can Lead to XSS
CVE-2024-11390
Description
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files.
The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
>= 7.17.6, < 7.17.23+ 1 more
- (no CPE)range: >= 7.17.6, < 7.17.23
- (no CPE)range: >= 7.17.6, < 7.17.23
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.