Skip to main content

Elastic App Search

2 CVEs product

Monthly

CVE-2021-22140 HIGH This Week

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XXE Elastic App Search
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-7011 MEDIUM This Month

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Elastic App Search
NVD
CVSS 3.1
6.1
EPSS
1.0%
EPSS 1% CVSS 7.5
HIGH This Week

Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic XXE Elastic App Search
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Elastic Elastic App Search
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy