Grafana <=6.2.4 - HTML Injection
Author: SimranJeet Singh
type: webapps
platform: typescript
port:
date_added: 2023-03-27
date_updated: 2023-06-09
verified: 1
codes: CVE-2019-13068
tags:
aliases:
screenshot_url:
application_url:
raw file: 51073.txt
type: webapps
platform: typescript
port:
date_added: 2023-03-27
date_updated: 2023-06-09
verified: 1
codes: CVE-2019-13068
tags:
aliases:
screenshot_url:
application_url:
raw file: 51073.txt
# Exploit Title: Grafana <=6.2.4 - HTML Injection # Date: 30-06-2019 # Exploit Author: SimranJeet Singh # Vendor Homepage: https://grafana.com/ # Software Link: https://grafana.com/grafana/download/6.2.4 # Version: 6.2.4 # CVE : CVE-2019-13068 The uri "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field) Payload used - <img src="[image_URL]"><h1>Hello</h1>
Copyright © 2024 Irfan TOOR all rights reserved.