CVE-2018-1000816

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..
References
Link Resource
https://github.com/grafana/grafana/issues/13667 Exploit Issue Tracking
Configurations

Configuration 1

cpe:2.3:a:grafana:grafana:5.3.0:*:*:*:*:*:*:*
cpe:2.3:a:grafana:grafana:5.2.4:*:*:*:*:*:*:*

Information

Published : 2018-12-20 03:29

Updated : 2019-01-07 09:25


NVD link : CVE-2018-1000816

Mitre link : CVE-2018-1000816

Products Affected
No products.
CWE