Shodan
Vulnerabilities
Vulnerable Software
Elastic:  >> Kibana  >> 7.17.18  Security Vulnerabilities
CVE-2025-25018
Improper Neutralization of Input During Web Page Generation in Kibana can lead to stored Cross-Site Scripting (XSS)
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-10
CVE-2025-25017
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)
CVSS Score
8.2
EPSS Score
0.0
Published
2025-10-10
CVE-2025-25009
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Stored XSS via case file upload.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-10-07
CVE-2025-25012
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-06-25
CVE-2024-43706
Improper authorization in Kibana can lead to privilege abuse via a direct HTTP request to a Synthetic monitor endpoint.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-06-10
CVE-2025-25016
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-01
CVE-2024-11390
Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. The attacker must have access to the Synthetics app AND/OR have access to write to the synthetics indices.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-05-01
CVE-2024-52974
An issue has been identified where a specially crafted request sent to an Observability API could cause the kibana server to crash. A successful attack requires a malicious user to have read permissions for Observability assigned to them.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-04-08
CVE-2024-43708
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted payload to a number of inputs in Kibana UI. This can be carried out by users with read access to any feature in Kibana.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-01-23
CVE-2024-52972
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/metrics/snapshot. This can be carried out by users with read access to the Observability Metrics or Logs features in Kibana.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved