Vulnerabilities > Grafana > Grafana > 4.6.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-03 | CVE-2019-15043 | Missing Authentication for Critical Function vulnerability in Grafana In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. | 7.5 |
2019-06-30 | CVE-2019-13068 | Cross-site Scripting vulnerability in Grafana public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | 5.4 |
2018-06-11 | CVE-2018-12099 | Cross-site Scripting vulnerability in multiple products Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | 4.3 |