The host is installed with kibana before 6.8.9 or 7.x before 7.7.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an issue in TSVB visualization. Successful exploitation allows attackers to obtain sensitive information from, or perform destructive actions, on behalf of Kibana users who edit the TSVB visualization.