{"id":"CVE-2018-3830","details":"Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.","modified":"2026-04-10T04:10:30.782738Z","published":"2018-09-19T19:29:01.203Z","references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3537"},{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035"},{"type":"ADVISORY","url":"https://www.elastic.co/community/security"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/kibana","events":[{"introduced":"ce7908cdac87af1e3b02ac4038fc3985602cf95a"},{"last_affected":"2872c74872c54d91e3e00b67c7bbc61659df0ba7"}],"database_specific":{"versions":[{"introduced":"5.3.0"},{"last_affected":"6.4.1"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"3.11"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3830.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}