##Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems.
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victimβs browser.