Note:
This project will be discontinued after December 13, 2021. [more]
2020-05-24
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
| Products | Grafana |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch | - None (likely due to unavailable code) |
| Patches | https://github.com/grafana/grafana/pull/24539 |
| Links |
• https://security.netapp.com/advisory/ntap-20200528-0003/
• https://github.com/grafana/grafana/releases/tag/v7.0.0 |