Vulnerabilities > Elastic > Elastic APP Search
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-13 | CVE-2021-22140 | XXE vulnerability in Elastic APP Search 7.11.0/7.11.1 Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. | 5.0 |
| 2020-06-03 | CVE-2020-7011 | Cross-site Scripting vulnerability in Elastic APP Search Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. | 4.3 |