Moderate severity · NVD Advisory · Published Mar 23, 2023 · Updated Mar 4, 2025

Stored XSS in Graphite FunctionDescription tooltip

CVE-2023-1410

Description

Grafana is an open-source platform for monitoring and observability.

Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip.

The stored XSS vulnerability was possible because the value of the Function Description was not properly sanitized.

An attacker needs to have control over the Graphite data source in order to manipulate a function description, and a Grafana admin needs to configure the data source; later, a Grafana user needs to select a tampered function and hover over the description.

Users may upgrade to versions 8.5.22, 9.2.15 and 9.3.11 to receive a fix.
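
As an added illustration of the flaw class described above (not Grafana's code or its actual patch), the following JavaScript treats function metadata supplied by a Graphite data source as untrusted text: it shows the unsafe rendering pattern beside an output-encoded one, plus an audit helper for reviewing a data source. The object shape, the sample values and all function names are assumptions constructed for this example.

```javascript
// Constructed sample of function metadata as a data source might return it.
// The second description has been tampered with to carry markup.
const sampleFunctions = {
  alias: {
    name: "alias",
    description: "Takes one metric or a wildcard seriesList and a string in quotes.",
  },
  scale: {
    name: "scale",
    description: 'Multiplies each datapoint. <img src=x onerror="alert(1)">',
  },
};

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every character that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: data source text is concatenated into markup as-is,
// so any tag in the description becomes part of the page on hover.
function renderTooltipUnsafe(fn) {
  return `<div class="tooltip"><h4>${fn.name}</h4><p>${fn.description}</p></div>`;
}

// Hardened pattern: both fields are treated as text, never as markup.
function renderTooltipSafe(fn) {
  return `<div class="tooltip"><h4>${escapeHtml(fn.name)}</h4>` +
         `<p>${escapeHtml(fn.description)}</p></div>`;
}

// Audit helper (hypothetical): names of functions whose description contains
// an HTML tag, so an admin can review what the data source is serving.
function findSuspiciousDescriptions(functions) {
  const tag = /<\s*\/?\s*[a-z][^>]*>/i;
  return Object.values(functions)
    .filter((fn) => tag.test(String(fn.description ?? "")))
    .map((fn) => fn.name);
}

console.log(findSuspiciousDescriptions(sampleFunctions));
console.log(renderTooltipSafe(sampleFunctions.scale));
```

The audit helper is a triage heuristic for defenders; the actual control is encoding or sanitizing at render time, which the fixed releases listed above provide.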

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Ecosystem | Affected versions | Patched versions |
| --- | --- | --- | --- |
| github.com/grafana/grafana | Go | >= 8.0.0, < 8.5.22 | 8.5.22 |
| github.com/grafana/grafana | Go | >= 9.3.0, < 9.3.11 | 9.3.11 |
| github.com/grafana/grafana | Go | >= 9.4.0, < 9.4.7 | 9.4.7 |
| github.com/grafana/grafana | Go | >= 9.0.0, < 9.2.15 | 9.2.15 |
