logo

Database

Reflected cross-site scripting (XSS) In github.com/grafana/grafana

Description

Grafana is vulnerable to XSS attacks through open redirects and path traversal An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.

The open redirect can be chained with path traversal vulnerabilities to achieve XSS.

Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2025-60232. NVD-2025-60233. OSV-2025-60234. GCVE-2025-6023

References

1. https://github.com/grafana/grafana/commit/0ba0b99665a946cd96676ef85ec8bc83028cb1d72. https://github.com/grafana/grafana/commit/40ed88fe86d347bcde5ddaed6c4a20a95d2f0d553. https://github.com/grafana/grafana/commit/5b00e21638f565eed46acb4d0b7c009968df4c3b4. https://github.com/grafana/grafana/commit/b6dd2b70c655c61b111b328f1a7dcca6b39549365. https://github.com/grafana/grafana/commit/e0ba4b480954f8a33aa2cff3229f6bcc05777bd96. https://github.com/grafana/grafana7. https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-60238. https://grafana.com/security/security-advisories/cve-2025-6023

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.