172 matches found
CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource...
[SECURITY] Fedora 32 Update: grafana-6.7.3-1.fc32
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
[SECURITY] Fedora 31 Update: grafana-6.7.3-1.fc31
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Moderate: Red Hat Security Advisory: grafana security, bug fix, and enhancement update
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Fedora Update for grafana FEDORA-2019-77d612eab4
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for grafana FEDORA-2019-0bb6b876da
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 29 Update: grafana-6.3.4-1.fc29
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
[SECURITY] Fedora 30 Update: grafana-6.3.4-1.fc30
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB...
Cross-Site Scripting (XSS)
opentsdb is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the type parameter with the /suggest URI...
Cross-site Scripting (XSS)
opentsdb is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the json parameter with the /q URL...
Remote Code Execution (RCE)
opentsdb is vulnerable to remote code execution RCE attacks. A malicious user can inject and execute arbitrary commands through a q request using the o, key, style, yrange , y2range parameters and the JSON input...
OpenTSDB cross-site scripting vulnerability (CNVD-2018-13554)
OpenTSDB is a set of open source, scalable distributed time series database. A cross-site scripting vulnerability exists in OpenTSDB version 2.3.0. A remote attacker can exploit this vulnerability by sending the 'type' parameter to the /suggest URI to inject arbitrary Web script or HTML...
Design/Logic Flaw
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI...
CVE-2018-13003
OpenTSDB 2.3.0 contains a reflected XSS in the /suggest endpoint where the parameter type is not properly sanitized, enabling injection of arbitrary JavaScript into the browser of a targeted user. The issue’s root cause is related to insufficient input validation of parameters reflected in respon...
Input validation
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...
CVE-2018-12972
An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input...
CVE-2018-12973
An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI...