CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7011

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victimï¿½s web browser.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.0%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2020-7011

Elastic » Elastic App Search » Version: 1.0.0

cpe:2.3:a:elastic:elastic_app_search:1.0.0
Elastic » Elastic App Search » Version: 1.0.1

cpe:2.3:a:elastic:elastic_app_search:1.0.1
Elastic » Elastic App Search » Version: 1.0.2

cpe:2.3:a:elastic:elastic_app_search:1.0.2
Elastic » Elastic App Search » Version: 7.2.0

cpe:2.3:a:elastic:elastic_app_search:7.2.0
Elastic » Elastic App Search » Version: 7.3.0

cpe:2.3:a:elastic:elastic_app_search:7.3.0
Elastic » Elastic App Search » Version: 7.4.0

cpe:2.3:a:elastic:elastic_app_search:7.4.0
Elastic » Elastic App Search » Version: 7.5.0

cpe:2.3:a:elastic:elastic_app_search:7.5.0
Elastic » Elastic App Search » Version: 7.6.0

cpe:2.3:a:elastic:elastic_app_search:7.6.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7011

Products

Pricing

Contact Us