{"data":{"id":"7c712402-7606-4856-9a7a-da41313ae338","title":"CVE-2018-3824: X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker i","summary":"X-Pack Machine Learning (a tool for automated data analysis in Elasticsearch) versions before 6.2.4 and 5.6.9 contained a cross-site scripting vulnerability (XSS, a flaw where attackers inject malicious code into web pages). An attacker could inject harmful data into a database index being analyzed by the machine learning tool, and when another user views the results, the attacker could steal sensitive information or perform actions as that user.","solution":"Update X-Pack Machine Learning to version 6.2.4 or 5.6.9 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2018-3824","publishedAt":"2018-09-19T19:29:00.360Z","cveId":"CVE-2018-3824","cweIds":["CWE-79","CWE-79"],"cvssScore":"4.3","cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Elastic","X-Pack Machine Learning"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00217,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}