5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
github.com/grafana/grafana is vulnerable to cross-site scripting(XSS) attacks. A remote authenticated attacker is able to inject HTML content through the Grafana datasource or the plugin proxy and trick a user to visit a malicious HTML page using a specially crafted link.
github.com/grafana/grafana/commit/254f19c70376286f0dc627b2d95c7f5cc63a8153
github.com/grafana/grafana/commit/27726868b3d7c613844b55cd209ca93645c99b85
github.com/grafana/grafana/issues/226
github.com/grafana/grafana/pull/386
github.com/grafana/grafana/pull/45083
github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g
grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/
lists.fedoraproject.org/archives/list/[email protected]/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/
lists.fedoraproject.org/archives/list/[email protected]/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/
lists.fedoraproject.org/archives/list/[email protected]/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/
security.netapp.com/advisory/ntap-20220303-0005/
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
2.1 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N