CVE-2020-11110

Description

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.

NVD
Severity: MEDIUM
CVE ID: CVE-2020-11110
CVSS Score: 5.4
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2020-11110

Refrence: Project Discovery GitHub

AVE-Stoik

Proof of concept for CVE-2020-11110, for educational purpose only

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept