CVE-2019-13068: XSS
First published: Sat Jun 29 2019(Updated: )
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Grafana Labs Grafana OSS and Enterprise | <6.2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-13068?
The severity of CVE-2019-13068 is classified as medium due to its potential for HTML injection which can affect user interaction.
How do I fix CVE-2019-13068?
To fix CVE-2019-13068, upgrade Grafana to version 6.2.5 or later.
What types of attacks can CVE-2019-13068 lead to?
CVE-2019-13068 can lead to attacks involving HTML injection, which may allow an attacker to manipulate or mislead users.
Which versions of Grafana are affected by CVE-2019-13068?
CVE-2019-13068 affects all versions of Grafana prior to 6.2.5.
What components of Grafana are involved in CVE-2019-13068?
CVE-2019-13068 involves the panel drilldown links within the panel_ctrl.ts component in Grafana.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/grafana
- canonical/grafana labs grafana oss and enterprise