Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-25017
CVE-2025-25017
Improper Neutralization of Input During Web Page Generation in Kibana can lead to Cross-Site Scripting (XSS)
Published Oct 15, 2025
https://discuss.elastic.co/t/kibana-8-18-8-8-19-4-9-0-7-9-1-4-security-update-esa-2025-16/382450
https://github.com/advisories/GHSA-866g-x98c-rprc
CVSS Score
Medium
6.1
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
maven
com.atlassian.bitbucket.search/embedded-elasticsearch-plugin
6.2.8-m1
maven
com.atlassian.bitbucket.search/embedded-elasticsearch-plugin
6.2.8-m2
maven
com.atlassian.bitbucket.search/embedded-elasticsearch-plugin
6.2.8-m3
maven
com.atlassian.bitbucket.search/embedded-elasticsearch-plugin
6.2.8
pypi
dataqa
1.0.0
pypi
dataqa
1.0.1
pypi
dataqa-es
0.0.1.post1
pypi
dataqa-es
0.0.2
pypi
dataqa-es
0.0.3
maven
org.codelibs.elasticsearch.module/kibana
7.10.0
maven
org.codelibs.elasticsearch.module/kibana
7.10.1
maven
org.codelibs.elasticsearch.module/kibana
7.10.2
maven
org.codelibs.elasticsearch.module/kibana
7.8.0
maven
org.codelibs.elasticsearch.module/kibana
7.8.1
maven
org.codelibs.elasticsearch.module/kibana
7.9.0
maven
org.codelibs.elasticsearch.module/kibana
7.9.1
maven
org.codelibs.elasticsearch.module/kibana
7.9.2
maven
org.codelibs.elasticsearch.module/kibana
7.9.3
1-18 of 18
CVE-2025-25017 | Components Impacted | Sonatype Guide | Sonatype Guide
