It was reported that versions of Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. External Reference: https://www.elastic.co/community/security
This issue has been addressed in the following products: Red Hat OpenShift Enterprise 3.2 Red Hat OpenShift Enterprise 3.1 Via RHSA-2016:1836 https://access.redhat.com/errata/RHSA-2016:1836