Vulnerabilities on Elastic Search 6.7.1

JasonWu · September 19, 2019, 2:10am

Hi,

Would need some advice on how to resolve the following vulnerabilities for Elastic Search 6.7.1 self-managed on basic subscription.

The Web application is vulnerable to cross-site scripting (XSS), which allows attackers to take advantage of Web server scripts to inject JavaScript or HTML code that is executed on the client-side browser. This vulnerability is often caused by server-side scripts written in languages such as PHP, ASP, .NET, Perl or Java, which do not adequately filter data sent along with page requests or by vulnerable HTTP servers. This malicious code appears to come from your Web application when it runs in the browser of an unsuspecting user.
DELETE method found via OPTIONS banner

Thanks.

system · October 17, 2019, 2:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Protection against cross scripting attacks (xss) in Elastic Search server? Elasticsearch	6	3125	July 6, 2017
Enterprise Search 7.7.0 security update Security Announcements	1	4683	November 4, 2022
Elastic Stack 6.2.4 and 5.6.9 security update Security Announcements	1	12874	November 4, 2022
The remote web server is affected by a cross-site scripting vulnerability Elasticsearch docker	2	190	January 19, 2024
Vulnerability - HTTP DELETE Method Enabled Elasticsearch	2	1638	September 8, 2021