Page 7 of 33 results (0.009 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2020-12245 – grafana: XSS via column.title or cellLinkTooltip

https://notcve.org/view.php?id=CVE-2020-12245

Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. Grafana versiones anteriores a la versiones 6.7.3, permite un ataque de tipo XSS del panel de tabla por medio de column.title o cellLinkTooltip. A flaw was found in grafana. A XSS is possible in table-panel via column.title or cellLinkTooltip. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html https://community.grafana.com/t/release-notes-v6-7-x/27119 https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23 https://github.com/grafana/grafana/pull/23816 https://secu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 26%CPEs: 2EXPL: 1

CVE-2019-15043 – grafana: incorrect access control in snapshot HTTP API leads to denial of service

https://notcve.org/view.php?id=CVE-2019-15043

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana. En Grafana versión 2.x hasta la versión 6.x en versiones anteriores a la 6.3.4, partes de la API HTTP permiten el uso no autenticado. Esto hace posible ejecutar un ataque de denegación de servicio contra el servidor que ejecuta Grafana. • https://github.com/h0ffayyy/CVE-2019-15043 http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569 https://community.grafana.com/t/release-notes-v6-3-x/19202 https://github.com/grafana/grafana/releases https://grafana.com/blog/2019/08 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-306: Missing Authentication for Critical Function •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2019-13068 – Grafana <=6.2.4 - HTML Injection

https://notcve.org/view.php?id=CVE-2019-13068

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). El archivo public/app/features/panel/panel_ctrl.ts en Grafana anterior a versión 6.2.5, permite Inyección HTML en los enlaces de desglose del panel (por medio del campo Title o url). Grafana versions 6.2.4 and below suffer from an html injection vulnerability. • https://www.exploit-db.com/exploits/51073 http://packetstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.html https://github.com/grafana/grafana/issues/17718 https://github.com/grafana/grafana/releases/tag/v6.2.5 https://security.netapp.com/advisory/ntap-20190710-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •