Elastic App Search Cross Site Scripting flaw (ESA-2020-04)
All versions before 7.7.0 are vulnerable to this issue.
Solutions and Mitigations
Users should upgrade to Elastic Enterprise Search version 7.7.0. There is no known workaround for this issue.
CVSSv3: 5.9 - AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CVE ID: CVE-2020-7011