A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s browser.
[
{
"product": "kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "For self-managed deployments the issue impacts versions 7.15.0, 7.15.1, and 7.15.2\nFor Elastic Cloud Services the issue impacts versions 7.15.0 through 7.17.0, and 8.0.0"
}
]
}
]