8 matches found
CVE-2026-32117
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...
CVE-2026-32117
The CVE concerns the grafanacubism-panel Grafana plugin. In versions
CVE-2026-32117
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...
EUVD-2026-11407
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...
CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...
CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...
PT-2026-24851
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...
A cubism panel for Grafana 跨站脚本漏洞
The "Cubism Panel for Grafana" is a visualization plugin developed by ekacnet’s individual developers. Versions of the cubism panel for Grafana prior to 0.1.2 contain a cross-site scripting vulnerability. This vulnerability arises from the panel’s zooming link processor not verifying URL schemes...