CVE-2025-2703 Information

Description

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability.

A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

Reference

https://grafana.com/security/security-advisories/cve-2025-2703