cve/CVE-2020-11110.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

POC

Reference

https://github.com/grafana/grafana/blob/master/CHANGELOG.md
https://github.com/grafana/grafana/blob/master/CHANGELOG.md

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/ARPSyndicate/kenzer-templates
https://github.com/AVE-Stoik/CVE-2020-11110-Proof-of-Concept
https://github.com/NarbehJackson/Java-Xss-minitwit16
https://github.com/NarbehJackson/XSS-Python-Lab
https://github.com/kh4sh3i/Grafana-CVE

1.0 KiB Raw Blame History

CVE-2020-11110

Description

POC

Reference

Github

1.0 KiB

Raw Blame History