Vulnerabilities > Grafana > Grafana > 5.4.4.priate
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-24 | CVE-2020-13430 | Cross-site Scripting vulnerability in Grafana Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. | 6.1 |
2020-04-29 | CVE-2020-12458 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. | 5.5 |
2020-04-27 | CVE-2020-12052 | Cross-site Scripting vulnerability in Grafana Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | 6.1 |
2020-04-24 | CVE-2020-12245 | Cross-site Scripting vulnerability in Grafana Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. | 6.1 |
2019-09-03 | CVE-2019-15043 | Missing Authentication for Critical Function vulnerability in Grafana In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. | 7.5 |
2019-06-30 | CVE-2019-13068 | Cross-site Scripting vulnerability in Grafana public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | 5.4 |