{"vulnerability": "CVE-2020-11110", "sightings": [{"uuid": "a73daf5b-fa8c-4916-89c3-520400ab97c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/arpsyndicate/2609", "content": "#ExploitObserverAlert\n\nCVE-2020-11110\n\nDESCRIPTION: Exploit Observer has 10 entries related to CVE-2020-11110. Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.\n\nFIRST-EPSS: 0.005120000\nNVD-IS: 2.7\nNVD-ES: 2.3", "creation_timestamp": "2024-01-07T03:27:04.000000Z"}, {"uuid": "93c64d0e-a90a-4aee-9603-46d4147a9040", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/5474", "content": "Exploit CVE-2020-11110 Grafana Stored XSS\n\nhttps://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html", "creation_timestamp": "2021-06-19T00:23:22.000000Z"}, {"uuid": "88948896-8a89-45a9-ac92-573a5ee804f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/9743", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-01-07T22:09:15.000000Z"}, {"uuid": "c80b8e16-0230-42e6-bd97-523709483c57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/cibsecurity/13673", "content": "ATENTION\u203c New - CVE-2020-11110\n\nGrafana through 6.7.1 allows stored XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-07-27T16:55:21.000000Z"}, {"uuid": "4da4dbc1-6f86-4fe0-af65-f014cc7330fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2439", "content": "#exploit\n1. CVE-2023-31446:\nDodge OPTIFY RCE\nhttps://github.com/Dodge-MPTC/CVE-2023-31446-Remote-Code-Execution\n\n2. CVE-2020-11110:\nGrafana Stored CSS\nhttps://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept/tree/main\n\n3.\u00a0CVE-2023-51467:\nApache Ofbiz Exploit\nhttps://github.com/JaneMandy/CVE-2023-51467-Exploit", "creation_timestamp": "2024-08-16T09:01:19.000000Z"}, {"uuid": "316dbb06-be35-4a2c-8242-6ebd9ed54ca4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-11110", "type": "seen", "source": "https://t.me/bhhub/403", "content": "#BugBountyTips of the Day\n\ud83d\udca5 RCE in PHP 8.1.0-dev! \ud83d\udca5  Nuclei Template available for FREE Preview and Download \ud83d\udc47 Be Fast! We have compiled them in one place here -  https://t.co/GoNbqa9gkD  @shifacyclewala  #bugbounty #hacktify #infosec #hackwithautomation  https://t.co/4epTfuFHWS\n---\n\ud83d\udd0d Still trying to find your first domain/subdomain takeover vulnerability? Go to  https://t.co/ORujp6DSp7 for a curated DNS takeover list.   Thanks @streaak for this #bugbountytip!   #bugbountytips  https://t.co/kSHY0WbSyo\n---\nAfter dedicating complete 5 months, I just crossed 500 reputation points on @Hacker0x01 !   \"In life you don\u2019t get what you want, you get what you work for.\"  #TogetherWeHitHarder #bugbounty #infosec #hackerone  https://t.co/xKUCzleZz8\n---\nCVE-2020-11110 Grafana XSS stored   #xss #bugbountytips #grafana  https://t.co/5YxHPhEb7f\n---\nEl Webinar Gratuito: \"Atacar Contrase\u00f1as con Kali Linux\" est\u00e1 disponible en video. #hacking #cybersecurity #bugbounty #osint #forensics ->  https://t.co/pS8qeeLKya  https://t.co/Q3uuuZxRVs", "creation_timestamp": "2021-06-20T13:37:04.000000Z"}]}