github.com/grafana/grafana is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly sanitize map attributes in the Geomap plugin, allowing an attacker with an editor role to inject and execute malicious JavaScript. If an admin user clicks on the map panel, the attacker can change the password.
github.com/advisories/GHSA-hjv9-hm2f-rpcj
github.com/grafana/grafana/commit/6df113e412d8acb6426deedbb3a8012118b2c543
github.com/grafana/grafana/commit/cb402af51412dc262b3f74152332a1dbee2c7263
github.com/grafana/grafana/commit/f89553932a4b534ef3b6942e02c11e19eee10a18
github.com/grafana/grafana/issues/745
github.com/grafana/grafana/issues/753
grafana.com/security/security-advisories/cve-2023-0507/
security.netapp.com/advisory/ntap-20230413-0001/