20 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal when using a custom frontend. An attacker can write files outside of the intended storage root by crafting a malicious API message when an untrusted frontend is used with syntax or --build-arg BUILDKITSYNTAX. Note:...
Advisory ROSA-SA-2026-3252
software: grafana 12.1.8 WASP: ROSA-CHROME unaffected versions = grafana-12.1.8-1 affected versions 3s, timeout and permanently block on sending to an unbuffered channel, resulting in linear growth of goroutines and memory exhaustion. CVE-STATUS: The vulnerability has been resolved CVE-REV: To...
MiracleLinux 8 : grafana-9.2.10-23.el8_10 (AXSA:2025-9968:05)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9968:05 advisory. grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 Tenable has extracted the preceding description bloc...
grafana security update
An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...
RLSA-2025:7893 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 grafana: Cross-site Scripting XSS in Grafana via Custom Frontend...
RockyLinux 10 : grafana (RLSA-2025:7892)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7892 advisory. grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 Tenable has extracted the preceding description block...
grafana security update
An update is available for grafana. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor f...
RLSA-2025:7892 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 For more details about the security issues, including the impact, ...
RLSA-2025:7894 Important: grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 For more details about the security issues, including the impact, ...
The vulnerability of the Custom Frontend Plugin component of the Grafana monitoring and observation platform allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability of the Custom Frontend Plugin component of the Grafana monitoring and observation platform is related to improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...
grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect
A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting
======================================================================================== Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities ======================================================================================== Exploit Title: Custom Frontend...
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================================== Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities...