First published: Tue Jun 02 2020
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Grafana Grafana | =5.3.1 | |
go/github.com/grafana/grafana | <6.0.0-beta1 | 6.0.0-beta1 |
The vulnerability ID for this Grafana vulnerability is CVE-2018-18623.
The severity of CVE-2018-18623 is medium, with a CVSS score of 6.1.
CVE-2018-18623 affects Grafana 5.3.1 and allows XSS attacks via the "Dashboard > Text Panel" screen.
Yes, a fix for CVE-2018-18623 is available in version 6.0.0 of Grafana.
The CWE ID for CVE-2018-18623 is CWE-79.