Lucene search
K

20 matches found

Snyk
Snyk
added 2026/03/27 2:24 a.m.1 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal when using a custom frontend. An attacker can write files outside of the intended storage root by crafting a malicious API message when an untrusted frontend is used with syntax or --build-arg BUILDKITSYNTAX. Note:...

9.8CVSS6.5AI score0.00498EPSS
Exploits0References2
Rosalinux
Rosalinux
added 2026/03/22 9:40 p.m.6 views

Advisory ROSA-SA-2026-3252

software: grafana 12.1.8 WASP: ROSA-CHROME unaffected versions = grafana-12.1.8-1 affected versions 3s, timeout and permanently block on sending to an unbuffered channel, resulting in linear growth of goroutines and memory exhaustion. CVE-STATUS: The vulnerability has been resolved CVE-REV: To...

7.6CVSS7.2AI score0.97809EPSS
Exploits6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.3 views

MiracleLinux 8 : grafana-9.2.10-23.el8_10 (AXSA:2025-9968:05)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9968:05 advisory. grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 Tenable has extracted the preceding description bloc...

7.6CVSS7.8AI score0.97809EPSS
Exploits6References2
Rockylinux
Rockylinux
added 2025/10/04 12:11 a.m.6 views

grafana security update

An update is available for grafana. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor fo...

7.6CVSS6.5AI score0.97809EPSS
Exploits6
OSV
OSV
added 2025/10/04 12:11 a.m.7 views

RLSA-2025:7893 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 grafana: Cross-site Scripting XSS in Grafana via Custom Frontend...

7.6CVSS7.3AI score0.97809EPSS
Exploits6References2
Tenable Nessus
Tenable Nessus
added 2025/10/04 12:0 a.m.3 views

RockyLinux 10 : grafana (RLSA-2025:7892)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:7892 advisory. grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 Tenable has extracted the preceding description block...

7.6CVSS7.8AI score0.97809EPSS
Exploits6References3
Rockylinux
Rockylinux
added 2025/10/03 7:56 p.m.5 views

grafana security update

An update is available for grafana. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor f...

7.6CVSS6.4AI score0.97809EPSS
Exploits6
OSV
OSV
added 2025/10/03 7:56 p.m.7 views

RLSA-2025:7892 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 For more details about the security issues, including the impact, ...

7.6CVSS6.4AI score0.97809EPSS
Exploits6References2
OSV
OSV
added 2025/07/29 1:38 p.m.5 views

RLSA-2025:7894 Important: grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: grafana: Cross-site Scripting XSS in Grafana via Custom Frontend Plugins and Open Redirect CVE-2025-4123 For more details about the security issues, including the impact, ...

7.6CVSS5.9AI score0.97809EPSS
Exploits6References2
BDU FSTEC
BDU FSTEC
added 2025/06/16 12:0 a.m.7 views

The vulnerability of the Custom Frontend Plugin component of the Grafana monitoring and observation platform allows attackers to perform cross-site scripting (XSS) attacks.

The vulnerability of the Custom Frontend Plugin component of the Grafana monitoring and observation platform is related to improper input validation during the creation of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...

9CVSS7.3AI score0.97809EPSS
Exploits6References9Affected Software4
RedHat Linux
RedHat Linux
added 2025/06/09 2:11 p.m.3 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2025/06/09 2:3 p.m.4 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2025/06/09 1:59 p.m.4 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2025/06/09 1:44 p.m.7 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2025/06/09 1:29 p.m.5 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2025/06/09 10:18 a.m.3 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
Grafana
Grafana
added 2025/05/21 12:0 a.m.11 views

Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin

A cross-site scripting XSS vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permission...

7.6CVSS7.4AI score0.97809EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2025/05/19 6:20 a.m.6 views

grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect

A flaw was found in Grafana's custom frontend plugin handling. This vulnerability allows an attacker to perform a cross-site scripting XSS attack by exploiting a client path traversal and an open redirect issue, leading to arbitrary JavaScript execution and potential user redirection to malicious...

7.6CVSS5.8AI score0.97809EPSS
Exploits6References5
Packet Storm
Packet Storm
added 2018/11/15 12:0 a.m.255 views

WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting

======================================================================================== Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities ======================================================================================== Exploit Title: Custom Frontend...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/11/15 12:0 a.m.262 views

WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications ======================================================================================== Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities...

7.4AI score
Exploits0
Rows per page
Query Builder