CVE-2020-24303
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in go/github.com/grafana/grafana
Identifiers
GHSA-mvpr-q6rh-8vrp, CVE-2020-24303
Package Slug
go/github.com/grafana/grafana
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Affected Versions
All versions before 7.1.0-beta1
Solution
Upgrade to version 7.1.0-beta1 or above. Note: 7.1.0-beta1 may be an unstable version. Use caution.
Last Modified
2024-02-02
| source |