Note:
This project will be discontinued after December 13, 2021. [more]
2020-05-24
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
Products | Grafana |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Patches | https://github.com/grafana/grafana/pull/24539 |
Links |
• https://security.netapp.com/advisory/ntap-20200528-0003/
• https://github.com/grafana/grafana/releases/tag/v7.0.0 |