Launchpad.net

CVE 2016-1000220

Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers.

See the CVE page on Mitre.org for more details.

References