kibana is susceptible to cross-site scripting (XSS). The vulnerability allows a user with privilege to edit or create a region map visualization to inject malicious HTML script via region map visualization feature, leading to sensitive information leakage and perform malicious action on behalf of Kibana users who view the region map visualization.
discuss.elastic.co/t/elastic-stack-6-8-11-and-7-8-1-security-update/242786
github.com/elastic/kibana/commit/0bf552bd6baafe3053c68dd20af14a088065df69
github.com/elastic/kibana/commit/eb25b47a75b391bf2bcf236d02cb0afb22a9f226
www.elastic.co/community/security#CVE-2020-7017
www.elastic.co/community/security/
www.oracle.com//security-alerts/cpujul2021.html