CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18625
https://notcve.org/view.php?id=CVE-2018-18625
Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. Grafana versión 5.3.1, presenta una vulnerabilidad de tipo XSS por medio de un enlace en la pantalla "Dashboard ) All Panels ) General". NOTA: este problema se presenta debido a una corrección incompleta para CVE-2018-12099. • https://github.com/grafana/grafana/pull/11813 https://security.netapp.com/advisory/ntap-20200608-0008 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18624 – grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen
https://notcve.org/view.php?id=CVE-2018-18624
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. Grafana versión 5.3.1, presenta una vulnerabilidad de tipo XSS por medio de un estilo de columna en la pantalla "Dashboard ) Table Panel". NOTA: este problema se presenta debido a una corrección incompleta para CVE-2018-12099. A flaw was found in grafana. • https://github.com/grafana/grafana/pull/11813 https://security.netapp.com/advisory/ntap-20200608-0008 https://access.redhat.com/security/cve/CVE-2018-18624 https://bugzilla.redhat.com/show_bug.cgi?id=1850572 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2018-18623 – grafana: XSS vulnerability via the "Dashboard > Text Panel" screen
https://notcve.org/view.php?id=CVE-2018-18623
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099. Grafana versión 5.3.1, presenta una vulnerabilidad de tipo XSS por medio de la pantalla "Dashboard ) Text Panel". NOTA: este problema se presenta debido a una corrección incompleta para CVE-2018-12099. A flaw was found in grafana. • https://github.com/grafana/grafana/issues/15293 https://github.com/grafana/grafana/pull/11813 https://github.com/grafana/grafana/releases/tag/v6.0.0 https://security.netapp.com/advisory/ntap-20200608-0008 https://access.redhat.com/security/cve/CVE-2018-18623 https://bugzilla.redhat.com/show_bug.cgi?id=1850568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-13430 – grafana: XSS via the OpenTSDB datasource
https://notcve.org/view.php?id=CVE-2020-13430
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. Grafana versiones anteriores a 7.0.0, permite un ataque de tipo XSS del valor de etiqueta por medio de la fuente de datos OpenTSDB. A flaw was found in grafana Tag value XSS via the OpenTSDB datasource are possible. The highest threat from this vulnerability is to data confidentiality and integrity. • https://github.com/grafana/grafana/pull/24539 https://github.com/grafana/grafana/releases/tag/v7.0.0 https://security.netapp.com/advisory/ntap-20200528-0003 https://access.redhat.com/security/cve/CVE-2020-13430 https://bugzilla.redhat.com/show_bug.cgi?id=1848108 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1CVE-2020-12458 – grafana: information disclosure through world-readable /var/lib/grafana/grafana.db
https://notcve.org/view.php?id=CVE-2020-12458
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords). Se encontró un fallo de divulgación de información en Grafana versiones hasta 6.7.3. El directorio de base de datos /var/lib/grafana y el archivo de base de datos /var/lib/grafana/grafana.db son de tipo world readable. • https://access.redhat.com/security/cve/CVE-2020-12458 https://bugzilla.redhat.com/show_bug.cgi?id=1827765 https://github.com/grafana/grafana/issues/8283 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A https://security.netapp.com/advisory/ntap-20200518-0001 • CWE-732: Incorrect Permission Assignment for Critical Resource •