Main Vulnerability Database Vulnerabilities #VU72675

#VU72675 Stored cross-site scripting in Grafana - CVE-2023-22462

Published: March 1, 2023 / Updated: March 22, 2023

Vulnerability identifier: #VU72675

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-22462

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Grafana

Software vendor:
Grafana Labs

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Text plugin. A remote user with Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Remediation

Install update from vendor's website.

External links

https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf

#VU72675 Stored cross-site scripting in Grafana - CVE-2023-22462

Description

Remediation

External links

Please verify you're human