FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e7841611-b808-11ed-b695-6c3be5272acdGrafana -- Stored XSS in TraceView panel

Grafana Labs reports:

During an internal audit of Grafana on January 30, a member of the engineering team found a stored XSS vulnerability affecting the TraceView panel.

The stored XSS vulnerability was possible because the value of a span’s attributes/resources were not properly sanitized, and this will be rendered when the span’s attributes/resources are expanded.

The CVSS score for this vulnerability is 7.3 High (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).


Discovery 2023-01-30
Entry 2023-03-01
grafana
< 8.5.21

ge 9.0.0 lt 9.2.13

ge 9.3.0 lt 9.3.8

grafana8
< 8.5.21

grafana9
ge 9.0.0 lt 9.2.13

ge 9.3.0 lt 9.3.8

CVE-2023-0594
https://grafana.com/blog/2023/02/28/grafana-security-release-new-versions-with-security-fixes-for-cve-2023-0594-cve-2023-0507-and-cve-2023-22462/