Description
Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashboardPage.jsx.
Remediation
References
https://www.graylog.org/post/announcing-graylog-v2-4-4
https://github.com/Graylog2/graylog2-server/pull/4739
Related Vulnerabilities
CVE-2022-41777 Vulnerability in npm package nadesiko3
CVE-2022-41937 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui
CVE-2023-6293 Vulnerability in npm package sequelize-typescript
CVE-2021-3223 Vulnerability in npm package node-red-dashboard
CVE-2023-48293 Vulnerability in maven package org.xwiki.contrib:xwiki-application-admintools