CVE-2018-1000816

MEDIUM5.4EPSS 0.31%

Grafana XSS Vulnerability

Published: 5/14/2022Modified: 11/8/2023

Description

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..

Affected packages (1)

Go/github.com/grafana/grafanafrom 0, < 5.3.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1000816
PATCHhttps://github.com/grafana/grafana
WEBhttps://github.com/grafana/grafana/commit/eabb04cec21dc323347da1aab7fcbf2a6e9dd121
WEBhttps://github.com/grafana/grafana/issues/13667
WEBhttps://github.com/grafana/grafana/pull/13670