9 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-1410
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Grafana (CVE-2023-1410)
Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-1410 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID: CVE-2023-1410 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper...
SUSE: Security Advisory (SUSE-SU-2023:2578-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...
SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip bsc1209645 - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:1904-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1904-1 advisory. - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645...
SUSE-SU-2023:1902-1 Security update for SUSE Manager Client Tools
This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...
CVE-2023-1410 Stored XSS in Graphite FunctionDescription tooltip
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...
CVE-2023-1410
Grafana (open-source platform) contains a stored XSS in the Graphite FunctionDescription tooltip due to insufficient sanitization. Exploitation requires attacker control of the Graphite data source and an admin to configure it, followed by a user hovering over a tampered function description. Aff...