Vulnerabilities > Grafana > Grafana > 1.2.1

DATE CVE VULNERABILITY TITLE RISK
2023-01-27 CVE-2022-39324 Cross-site Scripting vulnerability in Grafana
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana CWE-79
3.5
3.5
2022-11-09 CVE-2022-39307 Information Exposure Through an Error Message vulnerability in Grafana
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana CWE-209
5.3
5.3
2022-10-13 CVE-2022-31130 Insufficiently Protected Credentials vulnerability in Grafana
Grafana is an open source observability and data visualization platform.
network
low complexity
grafana CWE-522
7.5
7.5
2022-10-13 CVE-2022-39229 Improper Authentication vulnerability in Grafana
Grafana is an open source data visualization platform for metrics, logs, and traces.
network
low complexity
grafana CWE-287
4.3
4.3
2022-09-22 CVE-2022-36062 Improper Preservation of Permissions vulnerability in Grafana
Grafana is an open-source platform for monitoring and observability.
network
low complexity
grafana CWE-281
3.8
3.8
2022-09-20 CVE-2022-35957 Authentication Bypass by Spoofing vulnerability in multiple products
Grafana is an open-source platform for monitoring and observability.
network
high complexity
grafana fedoraproject CWE-290
6.6
6.6
2021-10-05 CVE-2021-39226 Improper Authentication vulnerability in multiple products
Grafana is an open source data visualization platform.
network
low complexity
grafana fedoraproject CWE-287
7.3
7.3
2020-12-21 CVE-2020-27846 Misinterpretation of Input vulnerability in multiple products
A signature verification vulnerability exists in crewjam/saml.
network
low complexity
grafana saml-project redhat fedoraproject CWE-115
critical
 9.8
9.8
2020-10-28 CVE-2020-24303 Cross-site Scripting vulnerability in Grafana
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
network
grafana CWE-79
4.3
4.3
2020-07-27 CVE-2020-11110 Cross-site Scripting vulnerability in multiple products
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
network
low complexity
grafana netapp CWE-79
5.4
5.4