Grafana is vulnerable to XSS attacks through open redirects and path traversal
High severity
GitHub Reviewed
Published
Jul 18, 2025
to the GitHub Advisory Database
•
Updated Jul 20, 2025
Package
Affected versions
< 1.9.2-0.20250521205822-0ba0b99665a9
Patched versions
1.9.2-0.20250521205822-0ba0b99665a9
Description
Published by the National Vulnerability Database
Jul 18, 2025
Published to the GitHub Advisory Database
Jul 18, 2025
Reviewed
Jul 20, 2025
Last updated
Jul 20, 2025
An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.
The open redirect can be chained with path traversal vulnerabilities to achieve XSS.
Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01
References