Moderate severityNVD Advisory· Published Jun 2, 2020· Updated Aug 5, 2024
CVE-2018-18624
CVE-2018-18624
Description
Grafana 5.3.1 has XSS via a column style on the "Dashboard > Table Panel" screen. NOTE: this issue exists because of an incomplete fix for CVE-2018-12099.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Grafana 5.3.1 has a stored XSS in the table panel due to incomplete sanitization of column styles, allowing arbitrary JavaScript execution.
Vulnerability
Overview
CVE-2018-18624 is a stored cross-site scripting (XSS) vulnerability affecting Grafana versions up to 5.3.1. The flaw exists in the table panel's column style functionality, where user-controlled input is not properly sanitized. This issue is a direct result of an incomplete fix for a previous vulnerability, CVE-2018-12099 [1][2].
Exploitation
An attacker with the ability to create or edit dashboards can inject malicious JavaScript into column style fields (e.g., header names or tooltips). When a victim views the affected dashboard, the script executes in their browser. No authentication is required beyond standard dashboard editing permissions [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's Grafana session. This could lead to session hijacking, data exfiltration, or unauthorized actions performed on behalf of the victim [2].
Mitigation
Grafana addressed this vulnerability in a security patch merged in PR #23816 around April 2020 [1]. Users should upgrade to a version containing the fix (e.g., Grafana 6.7.4 or later). There is no workaround, as the fix involves proper sanitization of column style inputs [2][1].
References
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/grafana/grafanaGo | < 7.0.0 | 7.0.0 |
Affected products
252- Grafana/Grafanadescription
- ghsa-coords251 versionspkg:golang/github.com/grafana/grafanapkg:rpm/almalinux/grafanapkg:rpm/almalinux/grafana-azure-monitorpkg:rpm/almalinux/grafana-cloudwatchpkg:rpm/almalinux/grafana-elasticsearchpkg:rpm/almalinux/grafana-graphitepkg:rpm/almalinux/grafana-influxdbpkg:rpm/almalinux/grafana-lokipkg:rpm/almalinux/grafana-mssqlpkg:rpm/almalinux/grafana-mysqlpkg:rpm/almalinux/grafana-opentsdbpkg:rpm/almalinux/grafana-postgrespkg:rpm/almalinux/grafana-prometheuspkg:rpm/almalinux/grafana-stackdriverpkg:rpm/suse/ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ansible&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/ardana-ansible&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-ansible&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-cobbler&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-installer-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-mq&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-mq&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-opsconsole-ui&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-osconfig&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/ardana-osconfig&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/ardana-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/cassandra&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-core&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/crowbar-openstack&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/documentation-hpe-helion-openstack-installation&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-operations&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-opsconsole&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-planning&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-security&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-hpe-helion-openstack-user&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/documentation-suse-openstack-cloud-deployment&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-installation&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-operations&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-opsconsole&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-planning&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-security&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-supplement&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-admin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/documentation-suse-openstack-cloud-upstream-user&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/documentation-suse-openstack-cloud-user&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/grafana-natel-discrete-panel&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/grafana-natel-discrete-panel&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/kibana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-aodh&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-aodh-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-barbican&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-barbican-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-cinder&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-cinder-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-cinder-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-dashboard&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-gnocchi&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-heat-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-ironic-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-ironic-python-agent&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-magnum&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-magnum-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-manila&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-manila-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-monasca-agent&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-murano&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-murano-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-neutron-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-neutron-gbp&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-neutron-vpnaas&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-neutron-vpnaas-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-nova&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/openstack-nova-doc&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/openstack-nova-doc&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/openstack-sahara&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/openstack-sahara-doc&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-ardana-packager&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-ardana-packager&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-Django1&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Django&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Django&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-elementpath&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-Flask-Cors&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Flask-Cors&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Flask-Cors&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-keystoneclient&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-keystoneclient&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-keystoneclient&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-keystonemiddleware&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-keystonemiddleware&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-keystonemiddleware&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-kombu&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-kombu&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-kombu&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-Pillow&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-Pillow&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-py&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-pysaml2&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-straight-plugin&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-straight-plugin&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-urllib3&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-urllib3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-xmlschema&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/release-notes-hpe-helion-openstack&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/release-notes-suse-openstack-cloud&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-activerecord-session_store&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/rubygem-crowbar-client&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/storm&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/storm&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
< 7.0.0+ 250 more
- (no CPE)range: < 7.0.0
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 6.7.4-3.el8
- (no CPE)range: < 2.9.14-3.15.1
- (no CPE)range: < 2.2.3.0-17.2
- (no CPE)range: < 2.9.14-3.15.1
- (no CPE)range: < 2.9.14-3.15.1
- (no CPE)range: < 8.0+git.1596735237.54109b1-3.77.1
- (no CPE)range: < 8.0+git.1596735237.54109b1-3.77.1
- (no CPE)range: < 9.0+git.1596813072.110811d-3.25.2
- (no CPE)range: < 8.0+git.1596129856.263f430-3.43.1
- (no CPE)range: < 8.0+git.1596129856.263f430-3.43.1
- (no CPE)range: < 9.0+git.1596129576.0b3d3ce-3.13.2
- (no CPE)range: < 9.0+git.1588258487.3acf8ad-3.16.2
- (no CPE)range: < 8.0+git.1593631779.76fa9b7-3.24.1
- (no CPE)range: < 8.0+git.1593631779.76fa9b7-3.24.1
- (no CPE)range: < 9.0+git.1569535129.ca87ef0-3.13.2
- (no CPE)range: < 8.0+git.1593618123.678c32b-3.26.1
- (no CPE)range: < 8.0+git.1593618123.678c32b-3.26.1
- (no CPE)range: < 9.0+git.1615223676.777f0b3-3.25.2
- (no CPE)range: < 8.0+git.1601298847.dd01585-3.42.1
- (no CPE)range: < 8.0+git.1601298847.dd01585-3.42.1
- (no CPE)range: < 9.0+git.1566593422.813e56c-4.13.2
- (no CPE)range: < 8.0+git.1595885113.93abcbc-3.49.1
- (no CPE)range: < 8.0+git.1595885113.93abcbc-3.49.1
- (no CPE)range: < 9.0+git.1597427032.a062830-3.19.2
- (no CPE)range: < 9.0+git.1618235096.90974ed-3.10.2
- (no CPE)range: < 3.11.10-3.3.3
- (no CPE)range: < 3.11.10-3.3.3
- (no CPE)range: < 4.0+git.1600767499.0615a418f-9.69.3
- (no CPE)range: < 5.0+git.1600432272.b3ad722f0-3.44.1
- (no CPE)range: < 6.0+git.1598519900.770074aa7-3.28.4
- (no CPE)range: < 4.0+git.1599037255.25b759234-9.74.4
- (no CPE)range: < 5.0+git.1599037158.5c4d07480-4.43.1
- (no CPE)range: < 6.0+git.1616146717.a89ae0f4e-3.34.4
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 8.20201007-1.29.1
- (no CPE)range: < 6.7.4-4.12.1
- (no CPE)range: < 6.7.4-1.17.1
- (no CPE)range: < 6.7.4-4.12.1
- (no CPE)range: < 6.7.4-3.17.1
- (no CPE)range: < 6.7.4-4.12.1
- (no CPE)range: < 6.7.4-3.17.1
- (no CPE)range: < 0.0.9-3.3.6
- (no CPE)range: < 0.0.9-1.6.5
- (no CPE)range: < 0.0.9-3.3.6
- (no CPE)range: < 0.0.9-4.3.3
- (no CPE)range: < 0.0.9-3.3.6
- (no CPE)range: < 0.0.9-4.3.3
- (no CPE)range: < 4.6.6-4.9.2
- (no CPE)range: < 4.6.6-4.9.2
- (no CPE)range: < 3.0.5~dev2-2.11.2
- (no CPE)range: < 3.0.5~dev2-2.11.1
- (no CPE)range: < 3.0.1~dev9-2.12.4
- (no CPE)range: < 3.0.1~dev9-2.12.2
- (no CPE)range: < 11.2.3~dev29-3.28.2
- (no CPE)range: < 9.1.5~dev6-4.28.1
- (no CPE)range: < 11.2.3~dev29-3.28.2
- (no CPE)range: < 13.0.10~dev16-3.25.3
- (no CPE)range: < 11.2.3~dev29-3.28.2
- (no CPE)range: < 13.0.10~dev16-3.25.3
- (no CPE)range: < 11.2.3~dev29-3.28.1
- (no CPE)range: < 9.1.5~dev6-4.28.1
- (no CPE)range: < 11.2.3~dev29-3.28.1
- (no CPE)range: < 11.2.3~dev29-3.28.1
- (no CPE)range: < 14.1.1~dev7-3.18.3
- (no CPE)range: < 14.1.1~dev7-3.18.3
- (no CPE)range: < 3.0.7~dev1-2.8.2
- (no CPE)range: < 7.0.7~dev10-5.17.3
- (no CPE)range: < 7.0.7~dev10-5.17.2
- (no CPE)range: < 6.2.5~dev3-2.8.2
- (no CPE)range: < 11.1.5~dev16-3.22.3
- (no CPE)range: < 11.1.5~dev16-3.22.3
- (no CPE)range: < 6.2.5~dev3-2.8.2
- (no CPE)range: < 3.3.4~dev5-3.16.2
- (no CPE)range: < 3.3.4~dev5-3.16.2
- (no CPE)range: < 3.3.2~dev7-14.14.4
- (no CPE)range: < 3.3.2~dev7-14.14.2
- (no CPE)range: < 3.0.1~dev30-4.17.2
- (no CPE)range: < 7.4.2~dev54-4.27.3
- (no CPE)range: < 7.4.2~dev54-4.27.3
- (no CPE)range: < 3.0.1~dev30-4.17.1
- (no CPE)range: < 1.10.1~dev4-13.3
- (no CPE)range: < 20190923_16.32-3.15.1
- (no CPE)range: < 20190923_16.32-3.15.1
- (no CPE)range: < 20190923_16.32-3.15.1
- (no CPE)range: < 3.0.1~dev21-7.5.3
- (no CPE)range: < 3.0.1~dev21-7.5.1
- (no CPE)range: < 11.0.9~dev69-3.37.2
- (no CPE)range: < 9.4.2~dev21-7.43.2
- (no CPE)range: < 11.0.9~dev69-3.37.2
- (no CPE)range: < 13.0.8~dev95-3.28.3
- (no CPE)range: < 11.0.9~dev69-3.37.2
- (no CPE)range: < 13.0.8~dev95-3.28.3
- (no CPE)range: < 11.0.9~dev69-3.37.1
- (no CPE)range: < 9.4.2~dev21-7.43.1
- (no CPE)range: < 11.0.9~dev69-3.37.1
- (no CPE)range: < 11.0.9~dev69-3.37.1
- (no CPE)range: < 12.0.1~dev29-3.25.3
- (no CPE)range: < 12.0.1~dev29-3.25.3
- (no CPE)range: < 9.0.1~dev8-5.8.2
- (no CPE)range: < 9.0.1~dev8-5.8.2
- (no CPE)range: < 16.1.9~dev76-3.39.2
- (no CPE)range: < 14.0.11~dev13-4.45.3
- (no CPE)range: < 16.1.9~dev76-3.39.2
- (no CPE)range: < 18.3.1~dev54-3.28.3
- (no CPE)range: < 16.1.9~dev76-3.39.2
- (no CPE)range: < 18.3.1~dev54-3.28.3
- (no CPE)range: < 16.1.9~dev76-3.39.1
- (no CPE)range: < 14.0.11~dev13-4.45.2
- (no CPE)range: < 16.1.9~dev76-3.39.1
- (no CPE)range: < 16.1.9~dev76-3.39.1
- (no CPE)range: < 5.0.2~dev3-14.3
- (no CPE)range: < 5.0.2~dev3-14.1
- (no CPE)range: < 0.0.3-7.7.2
- (no CPE)range: < 0.0.3-7.7.2
- (no CPE)range: < 1.11.29-3.25.1
- (no CPE)range: < 1.11.29-3.25.1
- (no CPE)range: < 1.11.29-3.19.2
- (no CPE)range: < 1.11.29-3.19.2
- (no CPE)range: < 1.11.29-3.19.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 1.3.1-1.3.2
- (no CPE)range: < 3.0.3-3.3.1
- (no CPE)range: < 3.0.3-3.3.1
- (no CPE)range: < 3.0.3-4.3.2
- (no CPE)range: < 3.13.1-3.3.2
- (no CPE)range: < 3.13.1-3.3.2
- (no CPE)range: < 3.13.1-3.3.2
- (no CPE)range: < 4.17.1-5.3.1
- (no CPE)range: < 4.17.1-5.3.1
- (no CPE)range: < 4.17.1-5.3.1
- (no CPE)range: < 4.1.0-3.7.1
- (no CPE)range: < 4.1.0-3.7.1
- (no CPE)range: < 4.1.0-3.7.1
- (no CPE)range: < 4.2.1-3.9.2
- (no CPE)range: < 2.8.1-4.17.2
- (no CPE)range: < 4.2.1-3.9.2
- (no CPE)range: < 4.2.1-3.9.2
- (no CPE)range: < 1.5.4-3.3.2
- (no CPE)range: < 1.5.4-3.3.2
- (no CPE)range: < 4.5.0-4.6.2
- (no CPE)range: < 4.5.0-4.6.2
- (no CPE)range: < 1.5.0-1.3.1
- (no CPE)range: < 1.5.0-1.3.1
- (no CPE)range: < 1.22-5.12.1
- (no CPE)range: < 1.22-5.12.1
- (no CPE)range: < 1.22-5.12.1
- (no CPE)range: < 1.0.18-1.3.2
- (no CPE)range: < 1.0.18-1.3.2
- (no CPE)range: < 8.20200922-3.23.1
- (no CPE)range: < 8.20200922-3.23.1
- (no CPE)range: < 8.20200922-3.23.1
- (no CPE)range: < 0.1.2-4.3.2
- (no CPE)range: < 3.9.3-7.23.1
- (no CPE)range: < 3.9.3-1.1
- (no CPE)range: < 3.9.3-3.9.1
- (no CPE)range: < 1.2.3-3.6.1
- (no CPE)range: < 1.2.3-3.6.1
- (no CPE)range: < 1.2.3-3.3.4
- (no CPE)range: < 1.2.3-3.6.1
- (no CPE)range: < 1.2.3-3.3.4
- (no CPE)range: < 5.1.1~dev7-12.28.1
- (no CPE)range: < 5.1.1~dev7-12.28.1
- (no CPE)range: < 5.0.2~dev3-12.29.1
- (no CPE)range: < 5.0.2~dev3-12.29.1
- (no CPE)range: < 7.0.1~dev24-3.23.1
- (no CPE)range: < 9.0.8~dev7-12.26.1
- (no CPE)range: < 9.0.8~dev7-12.26.1
- (no CPE)range: < 11.2.3~dev29-14.30.1
- (no CPE)range: < 11.2.3~dev29-14.30.1
- (no CPE)range: < 13.0.10~dev16-3.22.3
- (no CPE)range: < 5.0.3~dev7-12.27.1
- (no CPE)range: < 5.0.3~dev7-12.27.1
- (no CPE)range: < 7.0.2~dev2-3.23.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.24.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.24.1
- (no CPE)range: < 15.0.3~dev3-12.27.1
- (no CPE)range: < 15.0.3~dev3-12.27.1
- (no CPE)range: < 17.0.1~dev30-3.21.1
- (no CPE)range: < 9.0.8~dev22-12.29.1
- (no CPE)range: < 9.0.8~dev22-12.29.1
- (no CPE)range: < 11.0.4~dev4-3.23.1
- (no CPE)range: < 12.0.5~dev3-14.32.1
- (no CPE)range: < 14.1.1~dev7-4.21.3
- (no CPE)range: < 12.0.5~dev3-14.32.1
- (no CPE)range: < 9.1.8~dev8-12.29.1
- (no CPE)range: < 9.1.8~dev8-12.29.1
- (no CPE)range: < 11.1.5~dev16-4.17.2
- (no CPE)range: < 12.0.4~dev11-11.30.1
- (no CPE)range: < 12.0.4~dev11-11.30.1
- (no CPE)range: < 14.2.1~dev4-3.24.3
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.28.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.28.1
- (no CPE)range: < 7.2.1~dev1-4.23.1
- (no CPE)range: < 5.1.1~dev5-12.33.1
- (no CPE)range: < 5.1.1~dev5-12.33.1
- (no CPE)range: < 7.4.2~dev54-3.23.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.24.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.24.1
- (no CPE)range: < 1.8.2~dev3-3.23.2
- (no CPE)range: < 2.2.2~dev1-11.24.1
- (no CPE)range: < 2.2.2~dev1-11.24.1
- (no CPE)range: < 2.7.1~dev10-3.21.1
- (no CPE)range: < 4.0.2~dev2-12.24.1
- (no CPE)range: < 4.0.2~dev2-12.24.1
- (no CPE)range: < 11.0.9~dev69-13.32.1
- (no CPE)range: < 11.0.9~dev69-13.32.1
- (no CPE)range: < 13.0.8~dev95-6.21.3
- (no CPE)range: < 16.1.9~dev76-11.30.1
- (no CPE)range: < 16.1.9~dev76-11.30.1
- (no CPE)range: < 18.3.1~dev54-3.21.2
- (no CPE)range: < 1.0.6~dev3-12.29.1
- (no CPE)range: < 1.0.6~dev3-12.29.1
- (no CPE)range: < 3.2.3~dev7-4.23.1
- (no CPE)range: < 7.0.5~dev4-11.28.1
- (no CPE)range: < 7.0.5~dev4-11.28.1
- (no CPE)range: < 9.0.2~dev15-3.23.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.21.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.21.1
- (no CPE)range: < 2.19.2~dev48-2.18.1
- (no CPE)range: < 8.0.2~dev2-11.28.1
- (no CPE)range: < 8.0.2~dev2-11.28.1
Patches
10284747c88ebTablePanel: Fix XSS issue in header column rename (#23816)
1 file changed · +2 −2
public/app/plugins/panel/table-old/renderer.ts+2 −2 modified@@ -56,7 +56,7 @@ export class TableRenderer { column.style = style; if (style.alias) { - column.title = column.text.replace(regex, style.alias); + column.title = textUtil.escapeHtml(column.text.replace(regex, style.alias)); } break; @@ -300,7 +300,7 @@ export class TableRenderer { const cellLink = this.templateSrv.replace(column.style.linkUrl, scopedVars, encodeURIComponent); const sanitizedCellLink = textUtil.sanitizeUrl(cellLink); - const cellLinkTooltip = this.templateSrv.replace(column.style.linkTooltip, scopedVars); + const cellLinkTooltip = textUtil.escapeHtml(this.templateSrv.replace(column.style.linkTooltip, scopedVars)); const cellTarget = column.style.linkTargetBlank ? '_blank' : ''; cellClasses.push('table-panel-cell-link');
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-9hv8-4frf-cprfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-18624ghsaADVISORY
- github.com/grafana/grafana/commit/0284747c88eb9435899006d26ffaf65f89dec88eghsaWEB
- github.com/grafana/grafana/pull/11813ghsax_refsource_MISCWEB
- github.com/grafana/grafana/pull/23816ghsaWEB
- security.netapp.com/advisory/ntap-20200608-0008ghsaWEB
- security.netapp.com/advisory/ntap-20200608-0008/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.