CVE-2018-3830

Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt