CVE-2019-13068Cross-site Scripting in Grafana Grafana

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
5.0%
top 10.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Grafana GrafanaGrafana
Timeline
PublishedJun 30
Latest updateMay 24

Description

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDgrafana/grafana< 6.2.5

🔴Vulnerability Details

3
GHSA
Grafana Cross-site Scripting vulnerability2022-05-24
OSV
Grafana Cross-site Scripting vulnerability2022-05-24
CVEList
CVE-2019-13068: public/app/features/panel/panel_ctrl2019-06-29
CVE-2019-13068 — Cross-site Scripting | cvebase