Home

CVE-2018-1000816

Description

Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted..

Risk Information

Base Score
5.4
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.444

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2018-1000816 are affected in GrafanaEnterprise 5.2.4Windows
Vulnerabilities CVE-2018-1000816 are affected in GrafanaEnterprise 5.3.0Windows

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-335779GrafanaEnterprise (10.3.1)
PATCH-335779GrafanaEnterprise (10.3.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234