Description

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Remediation

References

CVE-2020-11110

Related Vulnerabilities

WebLogic CVE-2018-1257 Vulnerability (CVE-2018-1257)

MySQL CVE-2018-3278 Vulnerability (CVE-2018-3278)

WordPress Plugin Super Logos Showcase for WordPress Arbitrary File Upload (2.2)

WordPress Plugin Lazyest Gallery 'image' Parameter Cross-Site Scripting (1.0.28)

WordPress Plugin Funnel Builder by CartFlows-Create High Converting Sales Funnels For WordPress Privilege Escalation (1.3.0)

Severity

Medium

Classification

CVE-2020-11110 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities