Grafana is vulnerable to XSS because the panels included in the description below can contain HTML. Therefore, the option to disable or filter the HTML source must be provided.
[Affected Component]
Grafana (5.3.1)
Dashboard > Text Panel
[Attack Vectors]
Grafana(5.3.1) Launch
Access to any dashboard
Add Panel > Text
Edit Text Panel
Set Options -> Mode(html) & Content(<script>alert('XSS');</script>)
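An audit for the condition reported above, added here as an example and not taken from the report or from Grafana's code: it walks exported dashboard JSON and lists every text panel set to html mode, marking those whose content carries script-capable markup. The field names (`type`, `mode`, `content`, `panels`, `rows`, `options`) are an assumed dashboard JSON layout, the function names are hypothetical, and the sample dashboard is constructed.

```python
import json
import re

# Heuristic for markup that runs script when panel HTML is rendered unsanitized.
ACTIVE_HTML = re.compile(
    r"<\s*(script|iframe|object|embed)\b"   # script-capable elements
    r"|\bon[a-z]+\s*="                      # inline event handlers such as onerror=
    r"|javascript\s*:",                     # javascript: URLs
    re.IGNORECASE,
)

def iter_panels(node):
    """Yield every panel dict, including panels nested inside rows."""
    for panel in node.get("panels") or []:
        yield panel
        yield from iter_panels(panel)        # row panels can hold child panels
    for row in node.get("rows") or []:       # assumed older row-based layout
        yield from iter_panels(row)

def audit_dashboard(dashboard):
    """Return (panel id, title, severity) for each text panel in html mode."""
    findings = []
    for panel in iter_panels(dashboard):
        if panel.get("type") != "text":
            continue
        opts = panel.get("options") or {}    # assumed alternate nesting of mode/content
        mode = panel.get("mode", opts.get("mode"))
        content = panel.get("content", opts.get("content", "")) or ""
        if mode != "html":
            continue
        # "active": matches ACTIVE_HTML; "review": raw HTML that still needs a look.
        severity = "active" if ACTIVE_HTML.search(content) else "review"
        findings.append((panel.get("id"), panel.get("title", ""), severity))
    return findings

# Constructed sample dashboard, not taken from a real installation.
SAMPLE = json.loads("""
{"title": "constructed-sample", "panels": [
  {"id": 1, "type": "text", "title": "notes", "mode": "markdown", "content": "# hello"},
  {"id": 2, "type": "text", "title": "banner", "mode": "html", "content": "<b>status</b>"},
  {"id": 3, "type": "row", "panels": [
    {"id": 4, "type": "text", "title": "poc", "mode": "html",
     "content": "<script>alert('XSS');</script>"}]}
]}
""")

if __name__ == "__main__":
    print(audit_dashboard(SAMPLE))
```

The pattern match only prioritises findings; every html-mode panel is reported because a regular expression cannot decide that arbitrary HTML is safe.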