CVE-2015-9282

The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
grafanapiechart-panel
𝑥
≤ 1.3.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/grafana/grafana/issues/4117
https://github.com/grafana/piechart-panel/issues/3
https://github.com/grafana/piechart-panel/pull/163
https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html
https://github.com/grafana/grafana/issues/4117
https://github.com/grafana/piechart-panel/issues/3
https://github.com/grafana/piechart-panel/pull/163
https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html