Lucene search
K

3 matches found

OSV
OSV
added 2026/05/28 11:26 a.m.9 views

BIT-PROMETHEUS-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

6.1CVSS5.9AI score0.00182EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 9:27 p.m.9 views

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS5.9AI score0.00182EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 9:27 p.m.34 views

CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI

Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...

5.1CVSS0.00182EPSS
Exploits0References2
Rows per page
Query Builder