logo

Database

Reflected cross-site scripting (XSS) In github.com/grafana/grafana

Description

Grafana XSS via adding a link in General feature Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-186252. NVD-2018-186253. OSV-2018-186254. GCVE-2018-18625

References

1. https://github.com/grafana/grafana/pull/118132. https://github.com/grafana/grafana/pull/149843. https://security.netapp.com/advisory/ntap-20200608-0008

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.