{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-24T06:19:33.327","vulnerabilities":[{"cve":{"id":"CVE-2018-1000816","sourceIdentifier":"cve@mitre.org","published":"2018-12-20T15:29:00.643","lastModified":"2024-11-21T03:40:25.107","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser.. This attack appear to be exploitable via Authenticated user must click on the input field where the payload was previously inserted.."},{"lang":"es","value":"Grafana, en versiones confirmadas para la 5.2.4 y la 5.3.0 contiene una vulnerabilidad Cross-Site Scripting (XSS) en el editor de consultas de Influxdb y Graphite que puede resultar en la ejecución de código js arbitrario en el navegador de la víctima. Este ataque parece ser explotable si un usuario autenticado hace clic en el campo de entrada donde la carga útil se insertó previamente."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:5.2.4:*:*:*:*:*:*:*","matchCriteriaId":"E914E8CE-658C-4A9B-B5D8-F3DCE052B670"},{"vulnerable":true,"criteria":"cpe:2.3:a:grafana:grafana:5.3.0:*:*:*:*:*:*:*","matchCriteriaId":"86BE4AA6-C45B-4CA4-B2D6-27D853E55AF1"}]}]}],"references":[{"url":"https://github.com/grafana/grafana/issues/13667","source":"cve@mitre.org","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/grafana/grafana/issues/13667","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}