Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.8
CVSSv3

CVE-2023-1410

Published: 23/03/2023 Updated: 20/04/2023
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 0
Subscribe to Grafana

Vulnerability Summary

Description<!---->A flaw was found in Grafana. This flaw allows an malicious user to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed.A flaw was found in Grafana. This flaw allows an malicious user to host a Graphite instance with modified Function Descriptions containing XSS payloads. When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executed.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

grafana grafana

Vendor Advisories

Red Hat: Important: Red Hat Ceph Storage 6.1 security, enhancements, and bug fix update
Synopsis Important: Red Hat Ceph Storage 61 security, enhancements, and bug fix update Type/Severity Security Advisory: Important Topic Updated container image for Red Hat Ceph Storage 61 is now available in the Red Hat Ecosystem Catalog Description Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines ...
Red Hat:
Description<!---->A flaw was found in Grafana This flaw allows an attacker to host a Graphite instance with modified Function Descriptions containing XSS payloads When the victim uses it in a query and accidentally hovers over the Function Description, an attacker-controlled XSS payload will be executedA flaw was found in Grafana This flaw allo ...

References

CWE-79https://github.com/grafana/bugbounty/security/advisories/GHSA-qrrg-gw7w-vp76https://grafana.com/security/security-advisories/cve-2023-1410/https://security.netapp.com/advisory/ntap-20230420-0003/https://access.redhat.com/errata/RHSA-2023:7741https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2023-1410
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client sideCVE-2023-31889template injectionCVE-2024-4304CVE-2006-4304CVE-2024-33272type confusionCVE-2024-21345CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook