CVE-2020-11110

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/grafana/grafana

Identifiers

GHSA-xr3x-62qw-vc4w, CVE-2020-11110

Package Slug

go/github.com/grafana/grafana

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

Affected Versions

All versions up to 6.7.1

Solution

Upgrade to version 6.7.2 or above.

Last Modified

2024-02-02

source