Lucene search

PRIOn knowledge basePRION:CVE-2020-11110

HistoryJul 27, 2020 - 1:15 p.m.

Input validation

2020-07-2713:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.7%

JSON

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

CPENameOperatorVersion
grafanale6.7.1

CPE	Name	Operator	Version
	grafana	le	6.7.1

References

github.com/grafana/grafana/blob/master/CHANGELOG.md

security.netapp.com/advisory/ntap-20200810-0002/