GHSA-p2mq-5mvf-j4j6

Опубликовано: 23 апр. 2025

Источник: github

Github: Не прошло ревью

CVSS3: 6.8

Описание

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.

A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.

A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

Ссылки

EPSS

Процентиль: 4%

0.00018

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2025-2703

Дефекты

CWE-79

Связанные уязвимости

CVE-2025-2703

CVSS3: 6.4

redhat

10 месяцев назад

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

CVE-2025-2703

CVSS3: 6.8

nvd

10 месяцев назад

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

BDU:2025-07172

CVSS3: 6.8

fstec

10 месяцев назад

Уязвимость плагина для визуализации данных в системе мониторинга Grafana XY Chart Plugin, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить атаку типа DOM-based XSS

SUSE-SU-2025:01991-1

suse-cvrf

8 месяцев назад

Security update for grafana

SUSE-SU-2025:01989-1

suse-cvrf

8 месяцев назад

Security update for Multi-Linux Manager Client Tools

EPSS

Процентиль: 4%

0.00018

Низкий

6.8 Medium

CVSS3

CVE ID

CVE-2025-2703

Дефекты

CWE-79