Lucene search
+L

9 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-1410

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The...

6.2CVSS6.8AI score0.00962EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2024/01/18 9:15 p.m.39 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Grafana (CVE-2023-1410)

Summary Grafana is used by IBM Storage Ceph as a monitoring dashboard. CVE-2023-1410 This bulletin identifies the steps to take to address the vulnerability in Grafana. Vulnerability Details CVEID: CVE-2023-1410 DESCRIPTION: Grafana is vulnerable to cross-site scripting, caused by improper...

6.2CVSS6.2AI score0.00962EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2023/06/22 12:0 a.m.30 views

SUSE: Security Advisory (SUSE-SU-2023:2578-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.5AI score0.68603EPSS
Exploits9References19
OSV
OSV
added 2023/06/21 11:49 a.m.10 views

SUSE-SU-2023:2578-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 Load network configuration even when missing protocol version bsc1210640...

9.8CVSS7.8AI score0.68603EPSS
Exploits9References32
OSV
OSV
added 2023/06/21 11:42 a.m.10 views

SUSE-SU-2023:2575-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: grafana: - Version update from 8.5.22 to 9.5.1 jscPED-3694: Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip bsc1209645 - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request...

9.8CVSS7.7AI score0.68603EPSS
Exploits8References25
Tenable Nessus
Tenable Nessus
added 2023/04/20 12:0 a.m.78 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : grafana (SUSE-SU-2023:1904-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1904-1 advisory. - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645...

7.3CVSS6.8AI score0.1546EPSS
Exploits1References10
OSV
OSV
added 2023/04/19 3:8 a.m.6 views

SUSE-SU-2023:1902-1 Security update for SUSE Manager Client Tools

This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: CVE-2023-1410: Fix XSS in Graphite functions tooltip bsc1209645 CVE-2023-0507: Apply attribute sanitation to GeomapPanel bsc1208821 CVE-2023-0594: Avoid storing XSS in TraceView panel...

7.3CVSS6.3AI score0.1546EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2023/03/23 7:48 a.m.4 views

CVE-2023-1410 Stored XSS in Graphite FunctionDescription tooltip

Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have contro...

6.2CVSS6.1AI score0.00962EPSS
Exploits1References3
CVE
CVE
added 2023/03/23 7:48 a.m.260 views

CVE-2023-1410

Grafana (open-source platform) contains a stored XSS in the Graphite FunctionDescription tooltip due to insufficient sanitization. Exploitation requires attacker control of the Graphite data source and an admin to configure it, followed by a user hovering over a tampered function description. Aff...

6.2CVSS5.6AI score0.00962EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder