CVE-2020-24303

Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.
Configurations

Configuration 1 (hide)

cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-28 14:15

Updated : 2020-11-23 12:15


NVD link : CVE-2020-24303

Mitre link : CVE-2020-24303


JSON object : View

Products Affected

grafana

  • grafana
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')