WEB APPLICATION VULNERABILITIES Standard & Premium

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303)

Description

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.

Remediation

References

Related Vulnerabilities

WordPress Plugin Work The Flow File Upload Arbitrary File Upload (2.3.1)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602)

WordPress Plugin Simple Slide Show TimThumb Arbitrary File Upload (1.0)

WordPress Plugin Sendit WP Newsletter 'submit.php' Blind SQL Injection (1.5.9)

Oracle JRE CVE-2012-0506 Vulnerability (CVE-2012-0506)

Severity

Medium

Classification

CVE-2020-24303 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities