UBUNTU-CVE-2018-1000816

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-1000816

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-1000816.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-1000816

Related

CVE-2018-1000816

Published

2018-12-20T15:29:00Z

Modified

2025-01-13T10:21:51Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..

References

Affected packages

Ubuntu:Pro:16.04:LTS / grafana

Package

Name: grafana
Purl: pkg:deb/ubuntu/grafana@2.6.0+dfsg-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6.0+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}