It was found that Kibana 4.0.0-4.0.2 is vulnerable to cross-site scripting (XSS) attack. The attack allows execution of arbitrary JavaScript in the context of the users browser. External References: https://discuss.elastic.co/t/kibana-cross-site-scripting-vulnerability-cve-2015-4093/2258/1