The host is installed with Kibana before 6.8.6 or 7.x before 7.5.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in the coordinate and region map visualizations. Successful exploitation could allow an attacker to execute JavaScript in the victims browser.