A flaw (CVE-2023-26486) was discovered in one of Kibana’s dependencies, that would allow an attacker to perform Cross-Site Scripting (XSS) after loading a maliciously crafted custom visualization in Kibana.