Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
grafana grafana vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-24303
Grafana prior to 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Grafana Grafana
358
VMScore
CVE-2019-19499
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
Grafana Grafana
312
VMScore
CVE-2020-11110
Grafana up to and including 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an malicious user to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
Grafana Grafana
Netapp E-series Performance Analyzer -
572
VMScore
CVE-2020-13379
The avatar feature in Grafana 3.0.1 up to and including 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain inf...
Grafana Grafana
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Netapp E-series Performance Analyzer -
Opensuse Leap 15.2
Opensuse Backports Sle 15.0
7 Github repositories
446
VMScore
CVE-2020-7662
websocket-extensions npm module before 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and s...
Websocket-extensions Project Websocket-extensions
383
VMScore
CVE-2018-18625
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Grafana Grafana 5.3.1
383
VMScore
CVE-2018-18624
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Grafana Grafana 5.3.1
383
VMScore
CVE-2018-18623
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Grafana Grafana 5.3.1
605
VMScore
CVE-2020-7660
serialize-javascript before 3.1.0 allows remote malicious users to inject arbitrary code via the function "deleteFunctions" within "index.js".
Verizon Serialize-javascript
312
VMScore
CVE-2020-13429
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin prior to 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
Grafana Piechart-panel
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »