Vulnerabilities > Grafana > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-06-30 CVE-2019-13068 Cross-site Scripting vulnerability in Grafana
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
network
low complexity
grafana CWE-79
5.4
2019-02-06 CVE-2015-9282 Cross-site Scripting vulnerability in Grafana Piechart-Panel
The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data.
network
grafana CWE-79
4.3
2018-12-13 CVE-2018-19039 Information Exposure vulnerability in multiple products
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
network
low complexity
grafana redhat netapp CWE-200
4.0
2018-06-11 CVE-2018-12099 Cross-site Scripting vulnerability in multiple products
Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links.
4.3