github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability exists when specifying series alias such as test data or elastic search, which allows special characters, caused by the bs-typeahead
directive that evals
the select options passed to it.