logo

Database

Reflected cross-site scripting (XSS) In github.com/grafana/grafana

Description

Grafana XSS in Dashboard Text Panel Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-186232. NVD-2018-186233. OSV-2018-186234. GCVE-2018-18623

References

1. https://github.com/grafana/grafana/issues/152932. https://github.com/grafana/grafana/issues/41173. https://github.com/grafana/grafana/pull/118134. https://github.com/grafana/grafana/pull/149845. https://github.com/grafana/grafana/releases/tag/v6.0.06. https://security.netapp.com/advisory/ntap-20200608-0008

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.