CVE-2025-2703

CVSS 6.8 MEDIUMEPSS 10.6%CWE-79

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Produtos afetados

Grafana · Grafana Grafana · Grafana Enterprise

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://grafana.com/security/security-advisories/cve-2025-2703 https://www.sonarsource.com/blog/data-in-danger-detecting-xss-in-grafana-cve-2025-2703/