Lucene search
K

8 matches found

NVD
NVD
added 2026/03/11 10:16 p.m.5 views

CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS0.00265EPSS
Exploits0References2
CVE
CVE
added 2026/03/11 9:28 p.m.13 views

CVE-2026-32117

The CVE concerns the grafanacubism-panel Grafana plugin. In versions

7.6CVSS5.8AI score0.00265EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/11 9:28 p.m.2 views

CVE-2026-32117

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/11 9:28 p.m.6 views

EUVD-2026-11407

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 9:28 p.m.6 views

CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/11 9:28 p.m.2 views

CVE-2026-32117 grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24851

The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign / window.open with no scheme validation. An attacker with dashboard Editor privileges can set the link t...

7.6CVSS5.8AI score0.00265EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

A cubism panel for Grafana 跨站脚本漏洞

The "Cubism Panel for Grafana" is a visualization plugin developed by ekacnet’s individual developers. Versions of the cubism panel for Grafana prior to 0.1.2 contain a cross-site scripting vulnerability. This vulnerability arises from the panel’s zooming link processor not verifying URL schemes...

7.6CVSS6AI score0.00265EPSS
Exploits0References2
Rows per page
Query Builder