A cross-site-scripting (XSS) vulnerability exists in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
elastic kibana