FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Grafana -- XSS in Grafana Explore stack trace

Affected packages
12.2.0 <= grafana < 12.2.4
12.3.0 <= grafana < 12.3.2

Details

VuXML ID: 6cc28c49-58fe-11f1-b525-3c7c3fba4204
Discovery: 2026-02-12
Entry: 2026-05-26

https://grafana.com/security/security-advisories/cve-2025-41117 reports:

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear affected whatsoever.

References

CVE Name: CVE-2025-41117
URL: https://cveawg.mitre.org/api/cve/CVE-2025-41117