CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.9 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N

EPSS: 0.001 Low
Percentile: 25.3%
github.com/grafana/grafana is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because map attributes in the Geomap plugin are not properly sanitized by the library, allowing an attacker with an editor role to inject and execute malicious JavaScript. If an admin user clicks on the map panel, the attacker can change the password.
github.com/advisories/GHSA-hjv9-hm2f-rpcj
github.com/grafana/grafana/commit/6df113e412d8acb6426deedbb3a8012118b2c543
github.com/grafana/grafana/commit/cb402af51412dc262b3f74152332a1dbee2c7263
github.com/grafana/grafana/commit/f89553932a4b534ef3b6942e02c11e19eee10a18
github.com/grafana/grafana/issues/745
github.com/grafana/grafana/issues/753
grafana.com/security/security-advisories/cve-2023-0507/
security.netapp.com/advisory/ntap-20230413-0001/