A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.
[
{
"product": "kibana",
"vendor": "Elastic",
"versions": [
{
"status": "affected",
"version": "Versions 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3"
}
]
}
]