Vulnerabilities on Elastic Search 6.7.1


Would need some advice on how to resolve the following vulnerabilities for Elastic Search 6.7.1 self-managed on basic subscription.

  1. The Web application is vulnerable to cross-site scripting (XSS), which allows attackers to take advantage of Web server scripts to inject JavaScript or HTML code that is executed on the client-side browser. This vulnerability is often caused by server-side scripts written in languages such as PHP, ASP, .NET, Perl or Java, which do not adequately filter data sent along with page requests or by vulnerable HTTP servers. This malicious code appears to come from your Web application when it runs in the browser of an unsuspecting user.

  2. DELETE method found via OPTIONS banner


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.