94 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-4123
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect user...
U.S. Dept Of Defense: CVE‑2025‑4123 — Grafana Open Redirect → Stored XSS → SSRF (Full Read) at ██████
A vulnerability, identified as CVE-2025-4123, was discovered in Grafana OSS and Enterprise versions 8.x through 12.x. The vulnerability allowed unauthenticated attackers to chain multiple flaws, including an open redirect through path traversal in the public redirect handler, stored cross-site...
GHSA-XFFM-G5W8-QVG7 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-XFFM-G5W8-QVG7 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
VulnCheck KEV: CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
GHSA-G5HG-P3PH-G8QG vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-48997 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-48997 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-G5HG-P3PH-G8QG vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-4PG4-QVPC-4Q3H vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-44FP-W29J-9VJ5 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-47935 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-47944 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-47935 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
CVE-2025-47944 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-44FP-W29J-9VJ5 vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
GHSA-4PG4-QVPC-4Q3H vulnerabilities
Vulnerabilities for packages: grafana-image-renderer...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via a custom loaded frontend plugin. An attacker can execute arbitrary JavaScript on the user's browser by redirecting them to a malicious website hosting the frontend plugin. This does not require editor...
CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
UBUNTU-CVE-2025-4123
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...