Vulnerabilities > Grafana > Grafana > 1.6.0

DATE CVE VULNERABILITY TITLE RISK
2020-10-28 CVE-2020-24303 Cross-site Scripting vulnerability in Grafana
Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
network
grafana CWE-79
4.3
4.3
2020-08-28 CVE-2019-19499 SQL Injection vulnerability in Grafana
Grafana <= 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations.
network
low complexity
grafana CWE-89
4.0
4.0
2020-07-27 CVE-2020-11110 Cross-site Scripting vulnerability in multiple products
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
network
low complexity
grafana netapp CWE-79
5.4
5.4
2020-05-24 CVE-2020-13430 Cross-site Scripting vulnerability in Grafana
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
network
low complexity
grafana CWE-79
6.1
6.1
2020-04-29 CVE-2020-12458 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An information-disclosure flaw was found in Grafana through 6.7.3.
local
low complexity
grafana redhat fedoraproject CWE-732
5.5
5.5
2020-04-27 CVE-2020-12052 Cross-site Scripting vulnerability in Grafana
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
network
grafana CWE-79
4.3
4.3
2020-04-24 CVE-2020-12245 Cross-site Scripting vulnerability in Grafana
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
network
grafana CWE-79
4.3
4.3
2019-06-30 CVE-2019-13068 Cross-site Scripting vulnerability in Grafana
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
network
low complexity
grafana CWE-79
5.4
5.4
2018-12-13 CVE-2018-19039 Information Exposure vulnerability in multiple products
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
network
low complexity
grafana redhat netapp CWE-200
4.0
4.0
2018-06-11 CVE-2018-12099 Cross-site Scripting vulnerability in multiple products
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. 		4.3
4.3