CVE-2020-11110

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:netapp:e-series_performance_analyzer:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-07-27 13:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-11110

Mitre link : CVE-2020-11110

CVE.ORG link : CVE-2020-11110


JSON object : View

Products Affected

grafana

  • grafana

netapp

  • e-series_performance_analyzer
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')