CVE-2018-1000816 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-1000816 Interim 1 10 2025-02-17T02:26:49Z current 2021-05-30T14:20:46Z 2025-02-17T02:26:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-1000816 Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Manager Client Tools for SLE 12 SUSE Manager Client Tools for SLE 15 SUSE Manager Tools 15 SP1 SUSE OpenStack Cloud 7 grafana grafana as a component of SUSE Manager Client Tools for SLE 12 grafana as a component of SUSE Manager Client Tools for SLE 15 grafana as a component of SUSE Manager Tools 15 SP1 grafana as a component of SUSE OpenStack Cloud 7 Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.. CVE-2018-1000816 SUSE Manager Client Tools for SLE 12:grafana SUSE Manager Client Tools for SLE 15:grafana SUSE Manager Tools 15 SP1:grafana SUSE OpenStack Cloud 7:grafana moderate 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N