Grafana 9.2.x < 9.2.13, 9.3.x < 9.3.8 XSS Vulnerability (GHSA-7rqg-hjwc-6mjf) CVE-2023-22462

Severity
CVSSv3 Score: 5.4
Vulnerability description

Grafana is prone to a cross-site scripting (XSS) vulnerability in the text plugin.

Risk description

The stored XSS vulnerability requires several user interactions in order to be fully exploited. The vulnerability was possible because React's render cycle passes the unsanitized HTML code through; in the next cycle, the HTML is cleaned up and saved in Grafana's database.

Recommendation

Update to version 9.2.13, 9.3.8 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Mar 2, 2023
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available