apk package
chainguard/kibana-8.19
pkg:apk/chainguard/kibana-8.19
Vulnerabilities (102)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-9910 | Med | 4.7 | < 8.19.3-r1 | 8.19.3-r1 | Sep 11, 2025 | Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and th | |
| CVE-2024-53382 | — | < 8.19.3-r1 | 8.19.3-r1 | Mar 3, 2025 | Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. |
- affected < 8.19.3-r1fixed 8.19.3-r1
Versions of the package jsondiffpatch before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may lead to code execution if untrusted payloads were used as source for the diff, and th
- CVE-2024-53382Mar 3, 2025affected < 8.19.3-r1fixed 8.19.3-r1
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.
Page 6 of 6