CVE-2025-68387 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in cont…
Medium CVSS: 6.1

CVE-2025-68387

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Vendor
Elastic
Product
Kibana
CWE
CWE-79
Yayın Tarihi
2025-12-18 23:15:49
Güncelleme
2025-12-23 19:07:16
Source Identifier
security@elastic.co
KEV Date Added
-

Kategoriler

CWE-79 Kibana MEDIUM Elastic 2025

Referanslar

https://discuss.elastic.co/t/kibana-8-19-9-9-1-9-and-9-2-3-security-update-esa-2025-35/384183