CVE-2015-9282 Information

Description

The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/grafana/grafana/issues/4117 https://github.com/grafana/piechart-panel/issues/3 https://github.com/grafana/piechart-panel/pull/163 https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1