CVE-2019-13068
MEDIUMGrafana < 6.2.5 - XSS
Title source: ruleDescription
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by SimranJeet Singh · textwebappstypescript
https://www.exploit-db.com/exploits/51073
References (4)
Scores
CVSS v3
5.4
EPSS
0.0502
EPSS Percentile
89.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
grafana/grafana
< 6.2.5
grafana/grafana
0 - 6.2.5Go
Published
Jun 30, 2019
Tracked Since
Feb 18, 2026