7 matches found
BIT-GRAFANA-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection
The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...
PT-2026-51321
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A sanitize-then-interpolate ordering bug exists in the geomap panel's XYZ tile layer. The sanitizeTextPanelContent function processes the raw template string...
Security Bulletin: IBM Storage Ceph is vulnerable to 'Cross-site Scripting' in Grafana (CVE-2023-0507)
Summary Grafana is used by IBM Storage Ceph as part of the dashboard to monitor the stats for each cluster. CVE-2023-0507 Vulnerability Details CVEID: CVE-2023-0507 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Geomap. A...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:1904-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1904-1 advisory. - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645...
SUSE-SU-2023:1902-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...
FreeBSD : Grafana -- Stored XSS in geomap panel plugin via attribution (e2a8e2bd-b808-11ed-b695-6c3be5272acd)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2a8e2bd-b808-11ed-b695-6c3be5272acd advisory. - Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch,...
CVE-2023-0507
Grafana CVE-2023-0507 is a stored XSS in the GeoMap attribution handling that allows an Editor to inject JavaScript into a panel, executed in the context of the logged-in user. This can enable vertical privilege escalation if an Admin views a dashboard containing the malicious attribution. Root c...