Lucene search
Redhat.comRH:CVE-2023-22462HistoryMar 02, 2023 - 9:29 a.m.
CVE-2023-22462
2023-03-0209:29:51
redhat.com
access.redhat.com
82
0.002 Low
EPSS
Percentile
64.2%
A flaw was found in the Grafana core plugin, “Text.” The vulnerability was possible due to React’s render cycle that will pass through unsanitized HTML code. However, the HTML is cleaned and saved in Grafana’s database in the next cycle. An attacker needs the Editor role in changing a Text panel to include JavaScript. Later, another user needs to edit the same Text panel and click “Markdown” or “HTML” to execute the code. This issue allows possible vertical privilege escalation, where a user with an Editor role can change to a known password for a user having an Admin role if the user with an Admin role executes malicious JavaScript viewing a dashboard.
Related
nessus
nessus
cvelist
cvelist
CVE-2023-22462 Stored XSS in Grafana Text plugin
2023-03-02 00:06:59
veracode
veracode
Cross-site Scripting (XSS)
2023-03-03 03:42:01
prion
prion
Cross site scripting
2023-03-02 01:15:00
github
github
Grafana vulnerable to Stored Cross-site Scripting in Text plugin
2023-03-01 20:56:49
alpinelinux
alpinelinux
CVE-2023-22462
2023-03-02 01:15:00
cve
cve
CVE-2023-22462
2023-03-02 01:15:11
ibm
ibm
freebsd
freebsd
Grafana -- Stored XSS in TraceView panel
2023-01-30 00:00:00
Grafana -- Stored XSS in geomap panel plugin via attribution
2023-01-25 00:00:00
Grafana -- Stored XSS in text panel plugin
2023-01-01 00:00:00
openvas
openvas
Grafana < 8.5.21, 9.2.x < 9.2.13, 9.3.x < 9.3.8 Multiple Vulnerabilities
2023-03-02 00:00:00
osv
osv
Grafana vulnerable to Stored Cross-site Scripting in Text plugin
2023-03-01 20:56:49
CVE-2023-22462
2023-03-02 01:15:11
BIT-grafana-2023-22462
2024-03-06 10:53:25
redhat
redhat
(RHSA-2024:0746) Important: new container image: rhceph-5.3
2024-02-08 16:24:16
redos
redos
ROS-20240404-01
2024-04-04 00:00:00