Incomplete Fix for XSS Vulnerability in Grafana 5.3.1 via Column Style on Dashboard Table Panel

Incomplete Fix for XSS Vulnerability in Grafana 5.3.1 via Column Style on Dashboard Table Panel

CVE-2018-18624 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.

Learn more about our Web Application Penetration Testing UK.