[FREEBSD:ECFFB881-A7A7-11ED-8D6A-6C3BE5272ACD] Grafana -- Stored XSS in ResourcePicker component

Severity Medium
Affected Packages 3
CVEs 1

Grafana Labs reports:

  On 2022-12-16 during an internal audit of Grafana, a member of the security
  team found a stored XSS vulnerability affecting the core plugin GeoMap.
  The stored XSS vulnerability was possible because SVG files weren't properly
  sanitized and allowed arbitrary JavaScript to be executed in the context
  of the currently authorized user of the Grafana instance.

Package                 Affected Version
pkg:freebsd/grafana9    < 9.2.10
pkg:freebsd/grafana8    < 8.5.16
pkg:freebsd/grafana     < 8.5.16

ID: FREEBSD:ECFFB881-A7A7-11ED-8D6A-6C3BE5272ACD
Severity: medium
Severity from: CVE-2022-23552
URL: http://vuxml.freebsd.org/freebsd/ecffb881-a7a7-11ed-8d6a-6c3be5272acd.html
Published: 2022-12-16T00:00:00 (21 months ago)
Modified: 2023-02-09T00:00:00 (19 months ago)
Rights: FreeBSD VuXML Security Team

Other Advisories
Type        Package URL             Name / Product    Version
Affected    pkg:freebsd/grafana9    grafana9          < 9.2.10
Affected    pkg:freebsd/grafana8    grafana8          < 8.5.16
Affected    pkg:freebsd/grafana     grafana           < 8.5.16