| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-13068 | 4.3 |
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
|
27-03-2023 - 18:15 | 30-06-2019 - 00:15 | |
| CVE-2020-13430 | 4.3 |
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
|
28-02-2023 - 15:15 | 24-05-2020 - 18:15 | |
| CVE-2019-15043 | 5.0 |
In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.
|
04-10-2020 - 18:15 | 03-09-2019 - 12:15 |