Vulnerabilities > Grafana > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-30 | CVE-2019-13068 | Cross-site Scripting vulnerability in Grafana public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field). | 5.4 |
| 2019-02-06 | CVE-2015-9282 | Cross-site Scripting vulnerability in Grafana Piechart-Panel The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. | 4.3 |
| 2018-12-13 | CVE-2018-19039 | Information Exposure vulnerability in multiple products Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions. | 4.0 |
| 2018-06-11 | CVE-2018-12099 | Cross-site Scripting vulnerability in multiple products Grafana before 5.2.0-beta1 has XSS vulnerabilities in dashboard links. | 4.3 |