11 matches found

Tenable Nessus
added 2022/05/18 12:0 a.m., 41 views

Oracle Linux 8 : grafana (ELSA-2022-1781)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-1781 advisory. - resolve CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache - resolve CVE-2021-43813 grafana: directory traversal vulnerability for...

9.8 CVSS, 7.4 AI score, 0.9435 EPSS
Exploits: 1, References: 2
OpenVAS
added 2021/12/16 12:0 a.m., 24 views

Grafana 5.0.0 - 8.3.1 Directory Traversal Vulnerability

Grafana is prone to a directory traversal vulnerability for... Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...

5.8 AI score
Exploits: 0, References: 1
Veracode
added 2021/12/13 6:29 a.m., 112 views

Path Traversal

github.com/grafana/grafana is vulnerable to path traversal. The vulnerability exists in the pluginMarkdown function in plugins.go, allowing an authenticated attacker to access fully lowercase or fully uppercase '.md' files outside the expected directory...

4.3 CVSS, 4.8 AI score, 0.06405 EPSS
Exploits: 0, References: 12, Affected Software: 2
RedhatCVE
added 2021/12/13 6:3 a.m., 43 views

CVE-2021-43813

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4.3 CVSS, 1.9 AI score, 0.06405 EPSS
Exploits: 0, References: 4
Prion
added 2021/12/10 6:15 p.m., 23 views

Directory traversal

Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 contains a directory traversal vulnerability for fully lowercase or fully uppercase .md files. The vulnerability is limited in scope, and only allows access to files with the extension...

4 CVSS, 4.5 AI score, 0.06405 EPSS
Exploits: 0, References: 8, Affected Software: 1
FreeBSD
added 2021/12/09 12:0 a.m., 37 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3 CVSS, 2.5 AI score, 0.06405 EPSS
Exploits: 0, References: 1
FreeBSD
added 2021/12/09 12:0 a.m., 37 views

Grafana -- Directory Traversal

GitHub Security Labs reports: A vulnerability through which authenticated users could read out fully lowercase or fully uppercase .md files through directory traversal. Doing our own follow-up investigation we found a related vulnerability through which authenticated users could read out arbitrar...

4.3 CVSS, 2.3 AI score, 0.01202 EPSS
Exploits: 0, References: 1
OSV
added 2021/04/05 8:15 a.m., 9 views

CVE-2021-29996

Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload...

9.6 CVSS, 7 AI score
Exploits: 0, References: 1
Prion
added 2021/04/05 8:15 a.m., 9 views

Cross site scripting

Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload...

6.8 CVSS, 9 AI score, 0.0322 EPSS
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/04/05 7:32 a.m., 12 views

CVE-2021-29996

Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload...

9.3 AI score, 0.0322 EPSS
Exploits: 1, References: 1
Packet Storm
added 2020/07/22 12:0 a.m., 500 views

Docsify.js 4.11.4 Cross Site Scripting

Exploit Title: Docsify.js 4.11.4 - Reflective Cross-Site Scripting; Date: 2020-06-22; Exploit Author: Amin Sharifi; Vendor Homepage: https://docsify.js.org; Software Link: https://github.com/docsifyjs/docsify; Version: 4.11.4; Tested on: Windows 10; CVE: CVE-2020-7680. docsify.js uses fragment identifie...

6.6 AI score, 0.03162 EPSS
Exploits: 5