Grafana <=6.2.4 - HTML Injection

Author: SimranJeet Singh
type: webapps
platform: typescript
date_added: 2023-03-27  
date_updated: 2023-06-09  
verified: 1  
codes: CVE-2019-13068  

raw file: 51073.txt  
# Exploit Title: Grafana <=6.2.4 - HTML Injection
# Date: 30-06-2019
# Exploit Author: SimranJeet Singh
# Vendor Homepage: https://grafana.com/
# Software Link: https://grafana.com/grafana/download/6.2.4
# Version: 6.2.4
# CVE : CVE-2019-13068

The file "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML injection in panel drilldown links (via the Title or URL field).

Payload used - <img src="[image_URL]"><h1>Hello</h1>
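
The bug class described above, shown as an added example that is not Grafana's code and not part of the original advisory: a link renderer that concatenates the title and url fields into markup, next to a hardened version that restricts the URL scheme and escapes both fields. The PanelLink type, the function names and the sample object are assumptions made for illustration.

```typescript
// Illustrative sketch only: not Grafana's code. PanelLink and the functions
// below are hypothetical names for a drilldown link with the two fields
// named in the advisory (title, url).
interface PanelLink {
  title: string;
  url: string;
}

const HTML_ESCAPES: { [ch: string]: string } = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag or break out of an attribute.
function escapeHtml(value: string): string {
  return value.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch] || ch);
}

// Allow http(s) and site-relative URLs; anything else collapses to "#".
function safeHref(url: string): string {
  const trimmed = url.trim();
  return /^(https?:\/\/|\/(?!\/))/i.test(trimmed) ? trimmed : "#";
}

// Vulnerable pattern: user-controlled fields are concatenated into markup,
// so tags placed in title or url are parsed as live elements.
function renderLinkUnsafe(link: PanelLink): string {
  return '<a href="' + link.url + '">' + link.title + "</a>";
}

// Hardened pattern: restrict the URL scheme, then escape both fields for
// their HTML context before building the anchor.
function renderLinkSafe(link: PanelLink): string {
  const href = escapeHtml(safeHref(link.url));
  return '<a href="' + href + '">' + escapeHtml(link.title) + "</a>";
}

// Constructed sample input reusing the payload quoted in the advisory.
const sample: PanelLink = {
  title: '<img src="[image_URL]"><h1>Hello</h1>',
  url: '<img src="[image_URL]"><h1>Hello</h1>',
};
```

With the sample input, renderLinkUnsafe returns markup containing a real h1 element, while renderLinkSafe returns an anchor whose text is the payload rendered as inert characters.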