PT-2020-8639 · Grafana · Grafana

Noasand

Published

2020-06-02

Updated

2024-06-28

CVE-2018-18625

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Grafana version 5.3.1

Description: The issue is related to an incomplete fix, resulting in a cross-site scripting (XSS) vulnerability. This can be exploited via a link on the "Dashboard > All Panels > General" screen or by adding a link in the General feature.

Recommendations: For Grafana version 5.3.1, consider disabling the General feature in the Dashboard until a patch is available to prevent potential exploitation of the XSS vulnerability.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-18625

ECHO-E2C1-B758-80FD

GHSA-6WH2-8HW7-JW94

GO-2024-2483

SUSE-SU-2020:2876-1

SUSE-SU-2020:2911-1

SUSE-SU-2020:3309-1

SUSE-SU-2021:1962-1

Affected Products

Grafana

PT-2020-8639 · Grafana · Grafana

CVE-2018-18625

Weakness Enumeration

Related Identifiers

Affected Products

References · 178