Grafana · Grafana · CVE-2025-4123
**Name of the Vulnerable Software and Affected Versions**
Grafana versions prior to 12.0.1
**Description**
Grafana is susceptible to a cross-site scripting (XSS) vulnerability stemming from a combination of a client path traversal and an open redirect. This allows attackers to redirect users to a malicious website hosting a frontend plugin capable of executing arbitrary JavaScript. The vulnerability does not require editor permissions and is exploitable even with anonymous access enabled. If the Grafana Image Renderer plugin is installed, a full read SSRF can be achieved. The default Content-Security-Policy (CSP) in Grafana may offer some mitigation, but is not fully effective. Over 46,000 instances of Grafana were reported as unpatched and vulnerable. The vulnerability allows for potential account takeover and remote code execution.
**Recommendations**
Update Grafana to version 12.0.1 or later.
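The advisory fixes the vulnerable range at everything below 12.0.1, so the practical first step is an inventory check. The following is an added example, not Grafana's own code: it assumes Grafana's unauthenticated `GET /api/health` endpoint, which reports the running version, and uses constructed sample responses so it runs offline; pre-release builds such as `12.0.1-pre` are treated as still affected.

```python
"""Triage check for CVE-2025-4123: flag Grafana instances older than 12.0.1.

Added example, not Grafana's own code. It assumes Grafana's unauthenticated
GET /api/health endpoint, which reports {"version": "..."}; the sample
responses below are constructed for offline use.
"""
import json
import re
import urllib.request
# First fixed release named in the advisory; trailing 1 = final release, 0 = pre-release.
FIXED_VERSION = (12, 0, 1, 1)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?")

def parse_version(text):
    """Return a comparable tuple (major, minor, patch, release_flag).

    A pre-release suffix such as '12.0.1-pre' sorts below the final 12.0.1;
    build metadata after '+' is ignored. Raises ValueError on unparsable input.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {text!r}")
    major, minor, patch, pre = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)

def is_affected(version_text):
    """True when the reported version is strictly below 12.0.1."""
    return parse_version(version_text) < FIXED_VERSION

def triage_health_response(body):
    """Classify a raw /api/health JSON body; returns (version, affected)."""
    data = json.loads(body)
    version = data.get("version")
    if not version:
        raise ValueError("health response carries no version field")
    return version, is_affected(version)

def check_instance(base_url, timeout=5):
    """Fetch /api/health from a live Grafana (assumed reachable) and triage it."""
    url = f"{base_url.rstrip('/')}/api/health"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return triage_health_response(resp.read().decode())

if __name__ == "__main__":
    # Constructed sample responses standing in for real instances.
    samples = {"grafana-a": '{"commit":"abc","database":"ok","version":"11.5.2"}',
               "grafana-b": '{"commit":"def","database":"ok","version":"12.0.1"}'}
    for name, body in samples.items():
        version, affected = triage_health_response(body)
        print(f"{name}: {version} -> {'AFFECTED' if affected else 'ok'}")
```

Run `check_instance("https://grafana.example.internal")` against each instance in your inventory; anything reported as affected should be scheduled for the 12.0.1 upgrade.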