vulnerability
FreeBSD: VID-e7841611-b808-11ed-b695-6c3be5272acd (CVE-2023-0594): Grafana -- Stored XSS in TraceView panel
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:M/Au:S/C:C/I:C/A:N) | Mar 1, 2023 | Mar 4, 2023 | Dec 10, 2025 |
Severity
8
CVSS
(AV:N/AC:M/Au:S/C:C/I:C/A:N)
Published
Mar 1, 2023
Added
Mar 4, 2023
Modified
Dec 10, 2025
Description
Grafana Labs reports: During an internal audit of Grafana on January 30, a member of the engineering team found a stored XSS vulnerability affecting the TraceView panel. The stored XSS vulnerability was possible because the value of a span’s attributes/resources were not properly sanitized, and this will be rendered when the span’s attributes/resources are expanded. The CVSS score for this vulnerability is 7.3 High (CVSS:7.3/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N).
Solutions
freebsd-upgrade-package-grafanafreebsd-upgrade-package-grafana8freebsd-upgrade-package-grafana9
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.