CVE-2020-11110
Description
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field. An attacker can inject JavaScript code that is executed when a user visits the snapshot and clicks Open Original Dashboard.
NVD
Severity: MEDIUM
CVE ID: CVE-2020-11110
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Proof Of Concept
Nuclei Templates for CVE-2020-11110
Reference: Project Discovery GitHub
AVE-Stoik
Proof of concept for CVE-2020-11110, for educational purposes only
Reference: GitHub