The host is installed with kibana before 5.6.15 or 6.x before 6.6.1 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to handle a issue in unspecified vectors. Successful exploitation allows attackers to obtain sensitive information from or perform destructive actions on behalf of other kibana users.