Grafana -- Stored XSS in TraceView panel
Grafana Labs reports:
During an internal audit of Grafana on January 30, a member
of the engineering team found a stored XSS vulnerability affecting
The stored XSS vulnerability was possible because the value of a span’s
attributes/resources were not properly sanitized, and this will be rendered
when the span’s attributes/resources are expanded.
The CVSS score for this vulnerability is 7.3 High
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright