github.com/grafana/grafana is vulnerable to Stored Cross-Site Scripting (XSS). Function descriptions provided by a Graphite data source are not sanitized when they are added to the DOM, so an attacker can host a Graphite instance with a modified Function description containing an XSS payload.
github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76
github.com/grafana/grafana/commit/42911348a76e8484396b951bef8b7bff97a84cbc
github.com/grafana/grafana/commit/e59427c0747ae2f3feb1bfc3a4b87f0886208cc6
github.com/grafana/grafana/commit/ef2eb2b6bf1d7c0fb781e3e05d0d1aecd6dd438a
github.com/grafana/grafana/commit/f9548d33f8624d6694983fe5aad181007405be8a
github.com/grafana/grafana/issues/805
github.com/grafana/grafana/pull/804
github.com/grafana/grafana/pull/806
github.com/grafana/grafana/pull/808
github.com/grafana/grafana/pull/810
grafana.com/security/security-advisories/cve-2023-1410/
security.netapp.com/advisory/ntap-20230420-0003/
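
The pattern described above, shown as an added example that is not Grafana's code or the code from the linked fixes: a function description from an untrusted data source is interpolated into markup, next to an escaped version and a check for descriptions that carry markup. The response shape, function names and sample data are assumptions constructed for illustration.

```javascript
// Constructed sample: function metadata as a data source might return it.
// The shape (name + description per function) is an assumption for this example.
const sampleFunctions = {
  sumSeries: { name: 'sumSeries', description: 'Adds metrics together.' },
  scale: { name: 'scale', description: 'Scale <img src=x onerror="alert(1)"> series' },
};

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that let text break out into markup or attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: remote-controlled text becomes part of the HTML.
function renderTooltipUnsafe(fn) {
  return `<div class="tooltip"><h4>${fn.name}</h4><p>${fn.description}</p></div>`;
}

// Hardened pattern: every remote-controlled field is escaped before it is
// placed in markup. In a browser, assigning to textContent has the same effect.
function renderTooltipSafe(fn) {
  return `<div class="tooltip"><h4>${escapeHtml(fn.name)}</h4>` +
         `<p>${escapeHtml(fn.description)}</p></div>`;
}

// Review aid: list functions whose description contains something that looks
// like an HTML tag, so an operator can inspect what a data source returns.
function findSuspiciousDescriptions(functions) {
  return Object.entries(functions)
    .filter(([, fn]) => /<[a-z!\/]/i.test(String(fn.description)))
    .map(([key]) => key);
}

console.log(renderTooltipSafe(sampleFunctions.scale));
console.log(findSuspiciousDescriptions(sampleFunctions));
```

Escaping at render time is the control that matters here; the tag check is only a way to spot a data source worth investigating.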