Grafana up to and including 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field. A malicious user can inject JavaScript code that is executed when someone visits the snapshot and then clicks Open Original Dashboard.
Vulnerable Product |
---|
grafana grafana |
netapp e-series performance analyzer - |