vulnerability
Red Hat: CVE-2025-6023: grafana: Cross Site Scripting in Grafana
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:S/C:C/I:P/A:N) | Jul 22, 2025 | Jul 31, 2025 | Jul 31, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:S/C:C/I:P/A:N)
Published
Jul 22, 2025
Added
Jul 31, 2025
Modified
Jul 31, 2025
Description
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.
The open redirect can be chained with path traversal vulnerabilities to achieve XSS.
Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
Solution
no-fix-redhat-rpm-package
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.