github.com/grafana/grafana is vulnerable to a cross-site scripting (XSS) attack. The library does not properly sanitize the prefix and postfix fields in the singlestat module, allowing a malicious user to inject and execute arbitrary Javascript.
prefix
postfix