17 matches found
CVE-2026-22637
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2026-22637
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22637
...
CVE-2026-22637
CVE-2026-22637 is associated with Grafana XY Chart Plugin. The Red Hat entry and PT--security advisory describe a DOM-based XSS vulnerability where a user with Editor permissions can modify a panel to execute arbitrary JavaScript. Affected component: Grafana XY Chart Plugin; attack vector involve...
CVE-2026-22637
...
EUVD-2025-12232
Malicious code in bioql PyPI...
BIT-GRAFANA-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
SUSE CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
CVE-2025-2703 affects Grafana’s built-in XY Chart plugin through a DOM XSS flaw. The advisory text states that a user with Editor permissions can modify a panel to execute arbitrary JavaScript, indicating that the vulnerability stems from client-side script handling in the chart component and cou...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the...
PT-2025-17601 · Unknown +1 · Xy Chart Plugin +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The built-in XY Chart plugin is affected by a DOM XSS issue. A user with Editor permissions can modify a panel to execute arbitrary JavaScript. Recommendations: At the moment, there is no...
XSS in Grafana XY Chart Plugin
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. This vulnerability first appeared in Grafana v11.1.0, and is fixed in 11.6.0+security-01, 11.5.3+security-01,...
Grafana 安全漏洞
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana version v11.1.0, which stems from a...