Note:
This project will be discontinued after December 13, 2021. [more]
2019-06-30
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Products | Grafana |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links |
• https://github.com/grafana/grafana/issues/17718
• https://security.netapp.com/advisory/ntap-20190710-0001/ • https://github.com/grafana/grafana/releases/tag/v6.2.5 • http://packetstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.html |