imatwawana

4 exploits Active since Apr 2020
CVE-2021-27358 WRITEUP HIGH WRITEUP
Grafana 6.7.3-7.4.1 - Unauthenticated Denial of Service via Snapshot API
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
CVSS 7.5
CVE-2020-12245 WRITEUP MEDIUM WRITEUP
Grafana < 6.7.3 - Cross-Site Scripting via Table Panel Column Title or Cell Link Tooltip
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
CVSS 6.1
CVE-2020-24303 WRITEUP MEDIUM WRITEUP
Grafana < 7.0.5 and >=0 < 7.1.0-beta1 - Cross-Site Scripting via ElasticSearch Datasource Query Alias
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
CVSS 6.1
CVE-2021-27358 WRITEUP HIGH WRITEUP
Grafana 6.7.3-7.4.1 - Unauthenticated Denial of Service via Snapshot API
The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set.
CVSS 7.5