CVE-2018-18624

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/grafana/grafana

Identifiers

GHSA-9hv8-4frf-cprf, CVE-2018-18624

Package Slug

go/github.com/grafana/grafana

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Affected Versions

All versions before 7.0.0

Solution

Upgrade to version 7.0.0 or above.

Last Modified

2024-02-02

source