Shodan
Vulnerabilities
Vulnerable Software
Elastic:  >> Kibana  >> 7.3.1  Security Vulnerabilities
CVE-2025-25018
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-10
CVE-2025-25017
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-10
CVE-2025-25009
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-07
CVE-2025-25012
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-25
CVE-2024-43706
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-06-10
CVE-2024-43708
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-01-23
CVE-2024-52972
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-23
CVE-2024-52973
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-01-21
CVE-2024-37281
An issue was discovered in Kibana where a user with Viewer role could cause a Kibana instance to crash by sending a large number of maliciously crafted requests to a specific endpoint.
CVSS Score
6.5
EPSS Score
0.004
Published
2024-07-30
CVE-2024-23443
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery pack.
CVSS Score
4.9
EPSS Score
0.022
Published
2024-06-19


Products
Pricing
Contact Us

Shodan ® - All rights reserved