Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-16	CVE-2016-10365	Open Redirect vulnerability in Elastic Kibana Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. network low complexity elastic CWE-601	6.1
2017-06-16	CVE-2016-10364	Permissions, Privileges, and Access Controls vulnerability in Elastic Kibana 5.0.0/5.0.1 With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not properly authenticating requests to advanced settings and the short URL service, any authenticated user could make requests to those services regardless of their own permissions. network low complexity elastic CWE-264	6.5
2017-06-16	CVE-2016-1000220	Cross-site Scripting vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. network low complexity elastic CWE-79	6.1
2017-06-16	CVE-2015-9056	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8441	Information Exposure vulnerability in Elastic X-Pack Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not always correctly apply Document Level Security to index aliases. network low complexity elastic CWE-200	4.3
2017-06-05	CVE-2017-8440	Cross-site Scripting vulnerability in Elastic Kibana Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. network low complexity elastic CWE-79	6.1
2017-06-05	CVE-2017-8439	Cross-site Scripting vulnerability in Elastic Kibana 5.4.0 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. network low complexity elastic CWE-79	6.1