| Max CVSS | 6.8 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-13430 | 4.3 |
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
|
28-02-2023 - 15:15 | 24-05-2020 - 18:15 | |
| CVE-2020-13379 | 6.4 |
The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can b
|
29-01-2021 - 16:41 | 03-06-2020 - 19:15 | |
| CVE-2020-7662 | 5.0 |
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-by
|
23-12-2020 - 18:22 | 02-06-2020 - 19:15 | |
| CVE-2020-12245 | 4.3 |
Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip.
|
10-10-2020 - 18:15 | 24-04-2020 - 21:15 | |
| CVE-2019-11253 | 5.0 |
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CP
|
02-10-2020 - 17:11 | 17-10-2019 - 16:15 | |
| CVE-2020-7660 | 6.8 |
serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".
|
08-06-2020 - 16:35 | 01-06-2020 - 15:15 | |
| CVE-2020-12052 | 4.3 |
Grafana version < 6.7.3 is vulnerable for annotation popup XSS.
|
11-05-2020 - 10:15 | 27-04-2020 - 13:15 | |
| CVE-2019-16769 | 3.5 |
The serialize-javascript npm package before version 2.1.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environmen
|
17-01-2020 - 13:42 | 05-12-2019 - 19:15 |