Vulnerabilities > Elastic > Kibana > 4.1.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-16 | CVE-2016-1000219 | Improper Authorization vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files. | 7.5 |
| 2017-06-16 | CVE-2015-9056 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | 6.1 |