Vulnerabilities > Grafana > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-24 | CVE-2020-13429 | Cross-site Scripting vulnerability in Grafana Piechart-Panel legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option. | 5.4 |
| 2020-04-29 | CVE-2020-12459 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. | 5.5 |
| 2020-04-29 | CVE-2020-12458 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An information-disclosure flaw was found in Grafana through 6.7.3. | 5.5 |
| 2020-04-27 | CVE-2020-12052 | Cross-site Scripting vulnerability in Grafana Grafana version < 6.7.3 is vulnerable for annotation popup XSS. | 6.1 |
| 2020-04-24 | CVE-2020-12245 | Cross-site Scripting vulnerability in Grafana Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip. | 6.1 |
| 2019-09-23 | CVE-2019-15635 | Insufficiently Protected Credentials vulnerability in Grafana 5.4.0 An issue was discovered in Grafana 5.4.0. | 4.9 |
| 2019-06-30 | CVE-2019-13068 | Cross-site Scripting vulnerability in Grafana public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | 5.4 |
| 2019-02-06 | CVE-2015-9282 | Cross-site Scripting vulnerability in Grafana Piechart-Panel The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. | 6.1 |
| 2018-12-20 | CVE-2018-1000816 | Cross-site Scripting vulnerability in Grafana 5.2.4/5.3.0 Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. | 5.4 |
| 2018-12-13 | CVE-2018-19039 | Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | 6.5 |