Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within

BROWSER

15-12-2025 14:44

CVE-2025-37732 Vulnerabilidad documentada

Sin puntuación

Tags

#site

#injection

#cross

#web

#cross-site

#browser

#cross-site scripting

#improper

#authenticated

#bypass

#scripting

#pass

#issue

#inject

#fix

#allow

Descripción

Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related ESA-2025-17 (CVE-2025-25018) bypassing that fix achieve injection.

https://discuss.elastic.co/t/kibana-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-28/384064

Referencia

CVE-2025-25018

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-37732

Resultados similares

Coincidentes en almenos en 50% de los tags

16-12-2025
Linux : openSUSE: Chromium Important Update for Browser Issues CVE-2025-14372 An update that fi...
Ver información

16-12-2025 CVE-2023-53885
Webutler v3.2 contains a remote code execution vulnerability that allows authenticated administ...
Ver información