Cross-Site Scripting (XSS)

github.com/grafana/grafana is vulnerable to cross-site scripting XSS attacks. The vulnerability is possible because it does not sanitize news item title link in NewsPanel.js, allowing a remote attacker to inject arbitrary Javascript through news panel when rendering RSS links...