kibana is vulnerable to cross-site scripting (XSS). Lack of validation and sanitization in the coordinate and region map visualizations allows a remote attacker to inject arbitrary Javascript into a user’s browser via the options
attribution settings.