Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Grafana Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-11110 - Vulnerability Database
Grafana

Grafana Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2020-11110

Medium
Reference: CVE-2020-11110
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-11110
Title: Grafana Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.