Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
stored xss in grafana query editor #13667
Dear Grafana Team –
I have found a persistent xss in Grafana's query editor for Graphite and Influxdb. The xss is triggered when clicking the field in the query editor's "FROM"-row in which the payload  was previously inserted.
I attached this short screencast to make it easy to reproduce the behaviour