[FREEBSD:E2A8E2BD-B808-11ED-B695-6C3BE5272ACD] Grafana -- Stored XSS in geomap panel plugin via attribution
Severity
Medium
Affected Packages
3
CVEs
1
Grafana Labs reports:
During an internal audit of Grafana on January 25, a member of the security
team found a stored XSS vulnerability affecting the core geomap plugin.
The stored XSS vulnerability was possible because map attributions weren’t
properly sanitized, allowing arbitrary JavaScript to be executed in the context
of the currently authorized user of the Grafana instance.
The CVSS score for this vulnerability is 7.3 High
(CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).
Package | Affected Version |
---|---|
pkg:freebsd/grafana9 | < 9.2.13 |
pkg:freebsd/grafana8 | < 8.5.21 |
pkg:freebsd/grafana | < 8.5.21 |
- ID
- FREEBSD:E2A8E2BD-B808-11ED-B695-6C3BE5272ACD
- Severity
- medium
- Severity from
- CVE-2023-0507
- URL
- http://vuxml.freebsd.org/freebsd/e2a8e2bd-b808-11ed-b695-6c3be5272acd.html
- Published
-
2023-01-25T00:00:00
(20 months ago) - Modified
-
2023-03-01T00:00:00
(18 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |