18 matches found
CVE-2026-22637
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2026-22637
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
CVE-2026-22637
CVE-2026-22637 is associated with Grafana XY Chart Plugin. The Red Hat entry and PT--security advisory describe a DOM-based XSS vulnerability where a user with Editor permissions can modify a panel to execute arbitrary JavaScript. Affected component: Grafana XY Chart Plugin; attack vector involve...
CVE-2026-22637
...
CVE-2026-22637
...
EUVD-2025-12232
Malicious code in bioql PyPI...
The vulnerability of the data visualization plugin in the Grafana XY Chart Plugin system arises from the lack of security measures taken to protect the structure of the web page. This allows attackers to execute DOM-based XSS attacks.
The vulnerability of the data visualization plugin in the Grafana XY Chart Plugin exists due to the lack of security measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute a DOM-based XSS attack remotely...
BIT-GRAFANA-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
SUSE CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
CVE-2025-2703 affects Grafana’s built-in XY Chart plugin through a DOM XSS flaw. The advisory text states that a user with Editor permissions can modify a panel to execute arbitrary JavaScript, indicating that the vulnerability stems from client-side script handling in the chart component and cou...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript...
CVE-2025-2703
A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the...
XSS in Grafana XY Chart Plugin
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. This vulnerability first appeared in Grafana v11.1.0, and is fixed in 11.6.0+security-01, 11.5.3+security-01,...
Grafana Security Vulnerability
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. A security vulnerability exists in Grafana version v11.1.0, which stems from a...
PT-2025-17601 · Unknown +1 · Xy Chart Plugin +1
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The built-in XY Chart plugin is affected by a DOM XSS issue. A user with Editor permissions can modify a panel to execute arbitrary JavaScript. Recommendations: At the moment, there is no...