The host is installed with Kibana before 6.8.10 or 7.x before 7.7.1 and is prone to a stored cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in TSVB visualization. Successful exploitation could allow the attacker to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.