Description

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Remediation

References

CVE-2020-11110

Related Vulnerabilities

WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.1)

TYPO3 Improper Authentication Vulnerability (CVE-2014-3944)

Jboss EAP Improper Input Validation Vulnerability (CVE-2013-2185)

WordPress Plugin Simple Fields Cross-Site Scripting (1.4.10)

ownCloud Incorrect Authorization Vulnerability (CVE-2021-29659)

Severity

Medium

Classification

CVE-2020-11110 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities