Lucene search
Veracode Vulnerability DatabaseVERACODE:27706HistoryOct 29, 2020 - 2:12 a.m.
Cross-site Scripting (XSS)
2020-10-2902:12:41
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
33.5%
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). The vulnerability exists when specifying series alias such as test data or elastic search, which allows special characters, caused by the bs-typeahead directive that evals the select options passed to it.
Related
openvas
openvas
Grafana < 7.1.0-beta1 XSS Vulnerability
2020-10-29 00:00:00
prion
prion
Design/Logic Flaw
2020-10-28 14:15:00
cvelist
cvelist
CVE-2020-24303
2020-10-28 13:25:22
redhatcve
redhatcve
CVE-2020-24303
2020-10-28 18:26:16
osv
osv
CVE-2020-24303
2020-10-28 14:15:12
BIT-grafana-2020-24303
2024-03-06 11:00:38
Grafana XSS via a query alias for the ElasticSearch datasource
2022-05-24 17:32:32
nvd
nvd
CVE-2020-24303
2020-10-28 14:15:12
cve
cve
CVE-2020-24303
2020-10-28 14:15:12
ubuntucve
ubuntucve
CVE-2020-24303
2020-10-28 00:00:00
github
github
Grafana XSS via a query alias for the ElasticSearch datasource
2022-05-24 17:32:32
nessus
nessus
NewStart CGSL MAIN 6.02 : grafana Multiple Vulnerabilities (NS-SA-2022-0053)
2022-05-10 00:00:00
RHEL 8 : grafana (RHSA-2021:1859)
2021-05-19 00:00:00
Rocky Linux 8 : grafana (RLSA-2021:1859)
2023-11-07 00:00:00
redhat
redhat
(RHSA-2021:1859) Moderate: grafana security, bug fix, and enhancement update
2021-05-18 06:16:06
oraclelinux
oraclelinux
grafana security, bug fix, and enhancement update
2021-05-25 00:00:00
almalinux
almalinux
Moderate: grafana security, bug fix, and enhancement update
2021-05-18 06:16:06
rocky
rocky
grafana security, bug fix, and enhancement update
2021-05-18 06:16:06