Description

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Remediation

References

CVE-2020-11110

Related Vulnerabilities

Zope Web Application Server Other Vulnerability (CVE-2012-5486)

WordPress Plugin Adblock Blocker Arbitrary File Upload (0.0.1)

WordPress Plugin LearnDash LMS Multiple Information Disclosure Vulnerabilities (4.10.2)

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)

Zope Web Application Server Other Vulnerability (CVE-2005-3323)

Severity

Medium

Classification

CVE-2020-11110 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities