Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 821460 (CVE-2021-41174) - <www-apps/grafana-bin-8.2.3: XSS vulnerability
Summary: <www-apps/grafana-bin-8.2.3: XSS vulnerability
Status: CONFIRMED
Alias: CVE-2021-41174
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
URL: https://www.openwall.com/lists/oss-se...
Whiteboard: ~4 [noglsa]
Keywords:
Depends on: CVE-2021-41244
Blocks:
  Show dependency tree
 
Reported: 2021-11-03 14:51 UTC by Kenton Groombridge
Modified: 2021-12-08 20:04 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Kenton Groombridge gentoo-dev 2021-11-03 14:51:31 UTC
A cross-site scripting vulnerability was found in Grafana. An attacker may use this vulnerability to convince an unsuspecting user to visit a specially crafted URL in order to execute arbitrary JavaScript code in the context of the victim's web browser.

Reproducible: Always
Comment 1 John Helmert III gentoo-dev Security 2021-11-03 15:42:18 UTC
Thank you for reporting! Maintainer, please bump to 8.2.3.