{"data":{"id":"84d1c864-e530-41ba-9496-113792c2925f","title":"CVE-2018-3823: X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manag","summary":"X-Pack Machine Learning (a tool for building predictive models in Elastic) versions before 6.2.4 and 5.6.9 contained a cross-site scripting vulnerability (XSS, where attackers inject malicious code that runs in users' browsers). Users with manage_ml permissions could hide malicious data in job configurations that would execute when other users viewed the results, allowing attackers to steal sensitive information or perform harmful actions on behalf of those users.","solution":"Update X-Pack Machine Learning to version 6.2.4 or 5.6.9 or later. The source references a security update at https://discuss.elastic.co/t/elastic-stack-6-2-4-and-5-6-9-security-update/128422.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2018-3823","publishedAt":"2018-09-19T19:29:00.220Z","cveId":"CVE-2018-3823","cweIds":["CWE-79","CWE-79"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Elastic X-Pack Machine Learning"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00195,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}