github.com/grafana/grafana is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because React's render cycle in the "Text" plugin passes unsanitized HTML through to the page, allowing an attacker with the editor role to inject and execute malicious JavaScript and take over the admin account if that admin clicks the "Markdown" or "HTML" text panel.
github.com/advisories/GHSA-7rqg-hjwc-6mjf
github.com/grafana/grafana/commit/816923e94d7c4243a0ca6e1481ee1156a181f196
github.com/grafana/grafana/commit/c04bf6599842fb6719cb2e609fde475d2a9dee12
github.com/grafana/grafana/commit/db83d5f398caffe35c5846cfa7727d1a2a414165
github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf
grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/
security.netapp.com/advisory/ntap-20230413-0004/