Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-11110

Опубликовано: 27 июл. 2020
Источник: debian
EPSS Средний

Описание

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
grafanaremovedpackage

EPSS

Процентиль: 98%
0.64122
Средний

Связанные уязвимости

ubuntu логотип

CVE-2020-11110

CVSS3: 5.4
ubuntu
около 5 лет назад

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

redhat логотип

CVE-2020-11110

CVSS3: 6.1
redhat
больше 5 лет назад

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

nvd логотип

CVE-2020-11110

CVSS3: 5.4
nvd
около 5 лет назад

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

github логотип

GHSA-xr3x-62qw-vc4w

CVSS3: 5.4
github
около 3 лет назад

Grafana stored XSS

oracle-oval логотип

ELSA-2020-4682

oracle-oval
больше 4 лет назад

ELSA-2020-4682: grafana security, bug fix, and enhancement update (MODERATE)

EPSS

Процентиль: 98%
0.64122
Средний