Vulnerabilities > Grafana
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-02-06 | CVE-2015-9282 | Cross-site Scripting vulnerability in Grafana Piechart-Panel The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. | 4.3 |
| 2018-12-20 | CVE-2018-1000816 | Cross-site Scripting vulnerability in Grafana 5.2.4/5.3.0 Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. | 3.5 |
| 2018-12-13 | CVE-2018-19039 | Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | 4.0 |
| 2018-08-29 | CVE-2018-15727 | Improper Authentication vulnerability in multiple products Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user. | 7.5 |
| 2018-06-11 | CVE-2018-12099 | Cross-site Scripting vulnerability in multiple products Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | 4.3 |