WEB APPLICATION VULNERABILITIES Standard & Premium

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068)

Description

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).

Remediation

References

Related Vulnerabilities

WordPress Plugin Invite Anyone Multiple Vulnerabilities (1.3.15)

WordPress Plugin Coming Soon & Maintenance Mode Page Unspecified Vulnerability (1.40)

Drupal Core 8.7.0 Directory Traversal (8.7.0)

WordPress Plugin Easy Media Download Cross-Site Scripting (1.1.4)

Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-7592)

Severity

Medium

Classification

CVE-2019-13068 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities