kibana is vulnerable to cross-site scripting(XSS) attacks. The library does not properly sanitize document fields containing HTML snippets, which allows an attacker with the ability to write documents to an elasticsearch index to inject and execute malicious JavaScript.