Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
{ "cpes": [ "cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*" ], "severity": "Medium" }