CVE-2023-0507

🗓️ 01 Mar 2023 15:35:55Reported by GRAFANAType

Grafana 8.1 XSS vulnerability in GeoMap plugin allows stored XSS, leading to potential privilege escalation

Reporter	Title	Published	Views	Family All 63
AlpineLinux	CVE-2023-0507	1 Mar 202316:15	–	alpinelinux
Circl	CVE-2023-0507	1 Mar 202318:33	–	circl
CNNVD	Grafana 跨站脚本漏洞	1 Mar 202300:00	–	cnnvd
Cvelist	CVE-2023-0507	1 Mar 202315:35	–	cvelist
FreeBSD	Grafana -- Stored XSS in geomap panel plugin via attribution	25 Jan 202300:00	–	freebsd
FreeBSD	Grafana -- Stored XSS in TraceView panel	30 Jan 202300:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to 'Cross-site Scripting' in Grafana (CVE-2023-0507)	1 Nov 202319:54	–	ibm
EUVD	EUVD-2023-0932	3 Oct 202520:07	–	euvd
Tenable Nessus	FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)	3 Mar 202300:00	–	nessus
Tenable Nessus	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:1904-1)	20 Apr 202300:00	–	nessus

NVD

Node

grafana grafanaRange8.1.0–8.5.21

grafana grafanaRange9.2.0–9.2.13

grafana grafanaRange9.3.0–9.3.8

[
  {
    "defaultStatus": "unaffected",
    "product": "Grafana",
    "vendor": "Grafana",
    "versions": [
      {
        "lessThan": "8.5.21",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.2.13",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.3.8",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Grafana Enterprise",
    "vendor": "Grafana",
    "versions": [
      {
        "lessThan": "8.5.21",
        "status": "affected",
        "version": "8.1.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.2.13",
        "status": "affected",
        "version": "9.0.0",
        "versionType": "semver"
      },
      {
        "lessThan": "9.3.8",
        "status": "affected",
        "version": "9.3.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
grafana	www.grafana.com/security/security-advisories/cve-2023-0507/
security	www.security.netapp.com/advisory/ntap-20230413-0001/

13 Feb 2025 17:15Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.15.4 - 7.3

EPSS0.60579

SSVC

CWE-79