5 matches found
Grafana Labs 11.1.0 < 11.2.8+security-01, 11.3.5+security-01, 11.4.3+security-01, 11.5.3+security-01, 11.6.0+security-01 XSS (CVE-2025-2703)
The version of Grafana Labs installed on the remote host is affected by cross-site scripting vulnerability as referenced in the CVE-2025-2703 advisory. - The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order t...
Security update for grafana
This update for grafana fixes the following issues: grafana was updated from version 10.4.15 to 11.5.5 jscPED-12918: Security issues fixed: CVE-2025-4123: Fix cross-site scripting vulnerability bsc1243714. CVE-2025-22872: Bump golang.org/x/net/html bsc1241809 CVE-2025-3580: Prevent unauthorized...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the...
CVE-2025-2703
creationtimestamp| type| source ---|---|--- 2025-04-23 08:30:30+00:00| seen| https://bsky.app/profile/grafana.bsky.social/post/3lnhroytxvs2w 2025-04-23 10:38:14+00:00| seen| https://bsky.app/profile/nixpkgssecuritychanges.gerbet.me/post/3lnhytg4c222p 2025-04-23 12:19:33+00:00| seen|...