Security Advisory

CVE-2020-7011

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-06-03 17:55:43

Last updated 2024-08-04 09:18:02

Assigner elastic

State PUBLISHED

Description

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of such a field, they could execute arbitrary JavaScript in the victimï¿½s web browser.

← Browse all CVEs View on cve.org ↗