Grafana <=6.2.4 html injection Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2023-03-27 | Type : webapps | Platform : typescript
This exploit / vulnerability Grafana <=6.2.4 html injection is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Grafana <=6.2.4 - HTML Injection
# Date: 30-06-2019
# Exploit Author: SimranJeet Singh
# Vendor Homepage: https://grafana.com/
# Software Link: https://grafana.com/grafana/download/6.2.4
# Version: 6.2.4
# CVE : CVE-2019-13068

The uri "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field)

Payload used - <img src="[image_URL]"><h1>Hello</h1>

Grafana <=6.2.4 html injection


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Grafana <=6.2.4 html injection Vulnerability / Exploit