CVE-2019-9834

Name of the Vulnerable Software and Affected Versions Netdata web application versions prior to 1.13.0

Description The issue allows remote attackers to inject malicious HTML code into an imported snapshot. Successful exploitation can lead to the execution of attacker-supplied HTML in the context of the affected browser. This potentially allows the attacker to steal authentication credentials or control how the site is rendered to the user.

Recommendations For versions prior to 1.13.0, update to version 1.13.0 or later to resolve the issue. As a temporary workaround, consider avoiding the import of snapshots from untrusted sources until a patch is applied. Restrict access to the snapshot import feature to minimize the risk of exploitation.