CVE-2018-1000816
Grafana XSS Vulnerability
5.4 MEDIUM (CVSS 3.1)
EPSS 0.31%
Description
Grafana, confirmed for versions 5.2.4 and 5.3.0, contains a Cross Site Scripting (XSS) vulnerability in the InfluxDB and Graphite query editor that can result in arbitrary JavaScript code running in the victim's browser. The attack appears to be exploitable when an authenticated user clicks on the input field where the payload was previously inserted.
How to fix CVE-2018-1000816
To remediate CVE-2018-1000816, upgrade the affected package to a fixed version below.
- upgrade to 5.3.2 or later
Is CVE-2018-1000816 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 5.3.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |