Vulnerabilities > Elastic > Kibana > 4.5.2

DATE CVE VULNERABILITY TITLE RISK
2017-06-16 CVE-2016-1000220 Cross-site Scripting vulnerability in Elastic Kibana
Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.
network
low complexity
elastic CWE-79
6.1
2017-06-16 CVE-2016-1000219 Improper Authorization vulnerability in Elastic Kibana
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and authorization headers could be written to the log files.
network
low complexity
elastic CWE-285
7.5