CVE-2018-18623
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/grafana/grafana
Identifiers
GHSA-cmq2-j8v8-2q44, CVE-2018-18623
Package Slug
go/github.com/grafana/grafana
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Grafana 5.3.1 has XSS via the "Dashboard > Text Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
Affected Versions
All versions before 6.0.0-beta1
Solution
Upgrade to version 6.0.0-beta1 or above. Note: 6.0.0-beta1 may be an unstable version. Use caution.
Last Modified
2024-01-31
| source |