The host is installed with Kibana before 5.6.15 or 6.x before 6.6.1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle an issue in unspecified vectors. Successful exploitation could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.