The vulnerability of the Custom Frontend Plugin component of the Grafana monitoring and observation platform allows attackers to perform cross-site scripting (XSS) attacks.

🗓️ 16 Jun 2025 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Grafana Custom Frontend Plugin enables remote cross site scripting via input validation during page creation.

Reporter	Title	Published	Views	Family All 157
FreeBSD	grafana -- XSS vulnerability	26 Apr 202500:00	–	freebsd
FreeBSD	Grafana -- User deletion issue	15 Apr 202500:00	–	freebsd
GithubExploit	Exploit for Open Redirect in Grafana	4 Jun 202512:42	–	githubexploit
GithubExploit	Exploit for Open Redirect in Grafana	22 May 202515:34	–	githubexploit
GithubExploit	Exploit for Open Redirect in Grafana	6 Jun 202520:24	–	githubexploit
ATTACKERKB	CVE-2025-4123	22 May 202500:00	–	attackerkb
Tenable Nessus	Alibaba Cloud Linux 3 : 0074: grafana (ALINUX3-SA-2025:0074)	27 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : grafana (ALSA-2025:7893)	26 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : grafana (ALSA-2025:7894)	20 May 202500:00	–	nessus
Tenable Nessus	FreeBSD : grafana -- XSS vulnerability (45eb98d6-3b13-11f0-97f7-b42e991fc52e)	28 May 202500:00	–	nessus

Vulners

Node

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

OR

red_hat red_hat_enterprise_linuxMatch10

Source	Link
access	www.access.redhat.com/security/cve/cve-2025-4123
grafana	www.grafana.com/grafana/plugins/instana-datasource/
github	www.github.com/NightBloodz/CVE-2025-4123
t	www.t.me/bizone_channel/1899
grafana	www.grafana.com/security/security-advisories/cve-2025-4123/
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/
lk	www.lk.astra.ru/
abf	www.abf.rosa.ru/advisories/ROSA-SA-2026-3252
web	www.web.nvd.nist.gov/view/vuln/detail

01 Jun 2026 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 37.6

CVSS 29

EPSS0.06888

grafana custom frontend plugin cross site scripting input validation page creation