Description

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Remediation

References

CVE-2018-18625

Related Vulnerabilities

WordPress Plugin WP Content Copy Protection & No Right Click Cross-Site Request Forgery (3.1.5)

Drupal Core 5.x Session Fixation (5.0 - 5.8)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.29)

WordPress Plugin YITH WooCommerce Wishlist Unspecified Vulnerability (2.0.6)

OpenSSL Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2009-1378)

Severity

Medium

Classification

CVE-2018-18625 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities