Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/22 1:18 p.m.6 views

EUVD-2026-38243

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS6.7AI score0.1546EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:18 p.m.75 views

CVE-2026-9029

CVE-2026-9029 affects Grafana’s Geomap panel (XYZ tile layer) where sanitizeTextPanelContent() runs on the raw template string before variable substitution via getTemplateSrv().replace(), allowing an Editor to inject an XSS payload into a textbox variable default value that executes for all dashb...

7.3CVSS6AI score0.0025EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:18 p.m.4 views

CVE-2026-9029

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS5.9AI score0.0025EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/22 1:18 p.m.6 views

CVE-2026-9029

A user with Editor permissions can place a malicious script in the attribution field of a Geomap panel's XYZ tile layer via a template variable. The script then executes in the browser of any user who views the affected dashboard stored cross-site scripting...

7.3CVSS6AI score0.0025EPSS
Exploits0
Rows per page
Query Builder