CVE-2023-1410
Published: Mar 23, 2023
Modified: Mar 4, 2025
CVSS v3.1
6.2
Description
Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.
| Vendor | Product | Versions |
|---|---|---|
Grafana | Grafana | affected 8.0.0 - < 8.5.22affected 9.0.0 - < 9.2.15affected 9.3.0 - < 9.3.11 |
Grafana | Grafana Enterprise | affected 8.0.0 - < 8.5.22affected 9.0.0 - < 9.2.15affected 9.3.0 - < 9.3.11 |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now