Torkeloop

**Name of the Vulnerable Software and Affected Versions** Grafana versions prior to 6.2.5 **Description** The issue allows HTML Injection in panel drilldown links via the Title or url field. This is related to the `public/app/features/panel/panel ctrl.ts` file in Grafana. **Recommendations** For versions prior to 6.2.5, update to version 6.2.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Title and url fields in panel drilldown links to minimize the risk of exploitation.