{"id":"CVE-2016-10366","details":"Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack.","modified":"2026-04-10T03:49:27.911229Z","published":"2017-06-16T21:29:00.557Z","references":[{"type":"ADVISORY","url":"https://www.elastic.co/community/security"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"0"},{"last_affected":"e32749e1fa442853975ce2abd5ac2fd88a2dcf58"},{"introduced":"0"},{"last_affected":"d6e412dc2fa54666bf6ceb54a197508a4bc70baf"},{"introduced":"0"},{"last_affected":"85c0f729b12f6a6efe2003cbcc28aa1c271f9595"},{"introduced":"0"},{"last_affected":"b8833210a21ca747879f7d93ad34afd3250f954f"},{"introduced":"0"},{"last_affected":"07cb4d6aecddbc9dea1a26f55778b32edcef49df"},{"introduced":"0"},{"last_affected":"57474ae1b8647bccc5057792af7ab3f962f7521f"},{"introduced":"0"},{"last_affected":"b0ef773a465d0eb27d192ca77f881eba90ef93d5"},{"introduced":"0"},{"last_affected":"ff5cfc5d05a58e53f7acaa762428fa803318d31e"},{"introduced":"0"},{"last_affected":"addb28966a74b61791ceda352cd5b8b1200f2b2a"},{"introduced":"0"},{"last_affected":"7b4ce2812bd987673911990a9be7ed09fccd6ef8"},{"introduced":"0"},{"last_affected":"f40c28c2644639c34c2845c432c81be3c0c7955e"},{"introduced":"0"},{"last_affected":"00d0f493b91e3215703b8c8a64ec09966216ed95"},{"introduced":"0"},{"last_affected":"f898fba4809593df9a66cc3d0778f6faae2566d5"},{"introduced":"0"},{"last_affected":"3ff0f9b07dbcf2f7552d204777ee426885886609"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.3.0"},{"introduced":"0"},{"last_affected":"4.3.1"},{"introduced":"0"},{"last_affected":"4.3.2"},{"introduced":"0"},{"last_affected":"4.3.3"},{"introduced":"0"},{"last_affected":"4.4.0"},{"introduced":"0"},{"last_affected":"4.4.1"},{"introduced":"0"},{"last_affected":"4.4.2"},{"introduced":"0"},{"last_affected":"4.5.0"},{"introduced":"0"},{"last_affected":"4.5.1"},{"introduced":"0"},{"last_affected":"4.5.2"},{"introduced":"0"},{"last_affected":"4.5.3"},{"introduced":"0"},{"last_affected":"4.5.4"},{"introduced":"0"},{"last_affected":"4.6.0"},{"introduced":"0"},{"last_affected":"4.6.1"}]}}],"versions":["v4.0.0-beta1","v4.0.0-beta1.1","v4.0.0-beta2","v4.0.0-beta3","v4.2.0-beta1","v4.3.0","v4.3.1","v4.3.2","v4.3.3","v4.4.0","v4.4.1","v4.4.2","v4.5.0","v4.5.1","v4.5.2","v4.5.3","v4.5.4","v4.6.0","v4.6.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10366.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}