Stored Cross-Site Scripting (XSS)

2023-03-2402:11:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

stored cross-site scripting

vulnerability

grafana

graphite

dom

sanitization

attacker

payload

security

0.001 Low

EPSS

Percentile

26.7%

JSON

github.com/grafana/grafana is vulnerable to Stored Cross-Site Scripting (XSS). A Graphite data source can be used for Functions, but sanitization is not done when adding them to the DOM, allowing an attacker to host a Graphite instance with a modified Function description containing a XSS payload.

CPENameOperatorVersion
github.com/grafana/grafanale9.3.10
github.com/grafana/grafanalev9.4.6
github.com/grafana/grafanalev8.5.16
github.com/grafana/grafanalev9.2.13
github.com/grafana/grafanale9.3.10
github.com/grafana/grafanalev9.4.6
github.com/grafana/grafanalev8.5.16
github.com/grafana/grafanalev9.2.13

Name	Operator	Version
github.com/grafana/grafana	le	9.3.10
github.com/grafana/grafana	le	v9.4.6
github.com/grafana/grafana	le	v8.5.16
github.com/grafana/grafana	le	v9.2.13
github.com/grafana/grafana	le	9.3.10
github.com/grafana/grafana	le	v9.4.6
github.com/grafana/grafana	le	v8.5.16
github.com/grafana/grafana	le	v9.2.13