Lucene search
K

7 matches found

OSV
OSV
added 2026/06/26 8:43 a.m.9 views

BIT-GRAFANA-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS5.8AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...

7.3CVSS5.7AI score0.00266EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/01 7:54 p.m.21 views

Security Bulletin: IBM Storage Ceph is vulnerable to 'Cross-site Scripting' in Grafana (CVE-2023-0507)

Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2023-0507 Vulnerability Details CVEID: CVE-2023-0507 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Geomap. A...

7.3CVSS6AI score0.1546EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.78 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:1904-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1904-1 advisory. - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645...

7.3CVSS6.8AI score0.1546EPSS
Exploits1References10
OSV
OSV
added 2023/04/19 3:8 a.m.6 views

SUSE-SU-2023:1902-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...

7.3CVSS6.3AI score0.1546EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/03/03 12:0 a.m.29 views

FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2a8e2bd-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch,...

7.3CVSS7.4AI score0.1546EPSS
Exploits0References3
CVE
CVE
added 2023/03/01 3:35 p.m.224 views

CVE-2023-0507

Grafana CVE-2023-0507 is a stored XSS in the GeoMap attribution handling that allows an Editor to inject JavaScript into a panel, executed in the context of the logged-in user. This can enable vertical privilege escalation if an Admin views a dashboard containing the malicious attribution. Root c...

7.3CVSS6.3AI score0.1546EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder