GHSA-cmq2-j8v8-2q44
Suggest an improvement- Source
- https://github.com/advisories/GHSA-cmq2-j8v8-2q44
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-cmq2-j8v8-2q44/GHSA-cmq2-j8v8-2q44.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-cmq2-j8v8-2q44
- Aliases
- Published
- 2024-01-30T23:47:48Z
- Modified
- 2024-08-21T14:56:45.344597Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Grafana XSS in Dashboard Text Panel
- Details
-
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
- Database specific
{ "nvd_published_at": "2020-06-02T17:15:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-30T23:47:48Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-18623
- https://github.com/grafana/grafana/issues/15293
- https://github.com/grafana/grafana/issues/4117
- https://github.com/grafana/grafana/pull/11813
- https://github.com/grafana/grafana/pull/14984
- https://github.com/grafana/grafana/releases/tag/v6.0.0
- https://security.netapp.com/advisory/ntap-20200608-0008
Affected packages
Go / github.com/grafana/grafana
Package
- Name
- github.com/grafana/grafana
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/grafana/grafana