Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
grafanacubism-panel : Stored XSS via javascript: URL in panel zoom link (Editor → Viewer)
Vulnerability Description
The grafanacubism-panel plugin allows use of cubism.js in Grafana. In 0.1.2 and earlier, the panel's zoom-link handler passes a dashboard-editor-supplied URL directly to window.location.assign() / window.open() with no scheme validation. An attacker with dashboard Editor privileges can set the link to a javascript: URI; when any Viewer drag-zooms on the panel, the payload executes in the Grafana origin.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
A cubism panel for Grafana 跨站脚本漏洞
Vulnerability Description
A cubism panel for Grafana是ekacnet个人开发者的一个Grafana的可视化插件。 A cubism panel for Grafana 0.1.2及之前版本存在跨站脚本漏洞,该漏洞源于面板的缩放链接处理器未对URL方案进行验证,可能导致具有仪表板编辑器权限的攻击者设置javascript: URI,从而在Grafana环境中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A