GHSA-x5fh-fvvr-892f

Suggest an improvement
Source
https://github.com/advisories/GHSA-x5fh-fvvr-892f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-x5fh-fvvr-892f/GHSA-x5fh-fvvr-892f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x5fh-fvvr-892f
Aliases
Published
2022-05-14T01:42:29Z
Modified
2023-11-08T03:59:40.377727Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Grafana XSS Vulnerability
Details

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..

Database specific
{
    "github_reviewed": true,
    "nvd_published_at": "2018-12-20T15:29:00Z",
    "github_reviewed_at": "2023-07-24T21:04:39Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE"
}
References

Affected packages

Go / github.com/grafana/grafana

Package

Name
github.com/grafana/grafana
View open source insights on deps.dev
Purl
pkg:golang/github.com/grafana/grafana

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.3.2