CVE-2018-18625

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/grafana/grafana

Identifiers

GHSA-6wh2-8hw7-jw94, CVE-2018-18625

Package Slug

go/github.com/grafana/grafana

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Grafana 5.3.1 has XSS via a link on the "Dashboard > All Panels > General" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Affected Versions

All versions before 6.0.0-beta1

Solution

Upgrade to version 6.0.0-beta1 or above. Note: 6.0.0-beta1 may be an unstable version. Use caution.

Last Modified

2024-01-31

source