CVE-2018-12099
grafana: Cross-site Scripting (XSS) in dashboard links
- Severity Score: 6.1 (CVSS v3)
- Public Exploits: 1 (Multiple Sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
Credits: N/A
Timeline
- 2018-06-11 CVE Reserved
- 2018-06-11 CVE Published
- 2023-07-08 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (5)
URL | Tag |
---|---|
https://github.com/grafana/grafana/releases/tag/v5.2.0-beta1 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20190416-0004 | Third Party Advisory |

URL | Date |
---|---|
https://github.com/grafana/grafana/pull/11813 | 2024-08-05 |
https://access.redhat.com/security/cve/CVE-2018-12099 | 2019-04-30 |
https://bugzilla.redhat.com/show_bug.cgi?id=1590017 | 2019-04-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Grafana | Grafana | <= 5.1.3 | - | Affected |
Netapp | Active Iq Performance Analytics Services | - | - | Affected |
Netapp | Storagegrid Webscale Nas Bridge | - | - | Affected |