Exploit for #VU109656 Cross-site scripting in Grafana

Cybersecurity Help s.r.o.

Published: 2025-05-23 | Updated: 2025-06-06

Vulnerability identifier: #VU109656

Vulnerability risk: Low

CVSSv4.0: 2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/U:Clear]

CVE-ID: CVE-2025-4123

CWE-ID: CWE-79

Exploitation vector: Network

Exploits in database: 3

June 6, 2025
- CVE-2025-4123-Exploit-Tool-Grafana- (CVE-2025-4123 - Grafana Tool) [Github]
- CVE-2025-4123-template [Github]
May 23, 2025
- CVE-2025-4123 (Script to exploit Grafana CVE-2025-4123: XSS and Full-Read SSRF) [Github]

Vulnerable software:
Grafana
Web applications / Other software

Vendor: Grafana Labs