Vulnerabilities > Grafana > Grafana > 5.4.4.priate

DATE CVE VULNERABILITY TITLE RISK
2020-05-24 CVE-2020-13430 Cross-site Scripting vulnerability in Grafana
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
network
low complexity
grafana CWE-79
6.1
6.1
2020-04-29 CVE-2020-12458 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An information-disclosure flaw was found in Grafana through 6.7.3.
local
low complexity
grafana redhat fedoraproject CWE-732
5.5
5.5
2019-09-03 CVE-2019-15043 Missing Authentication for Critical Function vulnerability in Grafana
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use.
network
low complexity
grafana CWE-306
7.5
7.5
2019-06-30 CVE-2019-13068 Cross-site Scripting vulnerability in Grafana
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
network
low complexity
grafana CWE-79
5.4
5.4