Description

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Remediation

References

CVE-2018-18624

Related Vulnerabilities

WordPress Plugin Amazon JS Cross-Site Scripting (0.10)

PrestaShop Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-15080)

WordPress Plugin Drag and Drop Multiple File Upload-Contact Form 7 Cross-Site Scripting (1.3.6.2)

WordPress Plugin WP-Business Directory (wp-ttisbdir) Multiple Cross-Site Scripting Vulnerabilities (1.0.2)

OpenVPN AS Improper Authentication Vulnerability (CVE-2020-15077)

Severity

Medium

Classification

CVE-2018-18624 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities