← back
CVE-2019-13068

CVE-2019-13068

EPSS 51.9%
public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.htmlunverifiedexploitdbwww.exploit-db.com/exploits/51073unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.htmlhttps://github.com/grafana/grafana/issues/17718https://github.com/grafana/grafana/releases/tag/v6.2.5https://security.netapp.com/advisory/ntap-20190710-0001/