CVE-2025-2703

MEDIUM6.8EPSS 0.04%

發布日:2025/4/25修改日:2025/6/11

描述

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

受影響套件(1)

Bitnami/grafana>= 11.2.0, < 11.5.3, >= 11.6.0, < 11.6.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

參考連結(3)

WEBhttps://grafana.com/security/security-advisories/cve-2025-2703
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-2703
WEBhttps://www.sonarsource.com/blog/data-in-danger-detecting-xss-in-grafana-cve-2025-2703/