| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/grafana/grafana | go | < 6.2.5 | 6.2.5 |

The vulnerability stems from insecure HTML construction in panel drilldown link generation. GitHub issue #17718 points to line 269 in `panel_ctrl.ts`, where link HTML is built by string concatenation without escaping. The patch in 6.2.5 added proper HTML escaping for these fields, confirming that the vulnerable pattern was in the link generation logic handled by PanelCtrl. Direct interpolation of user-controlled input into DOM elements without sanitization matches the XSS vulnerability pattern described in CWE-79.
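
The concatenation pattern described above next to an escaped counterpart, as an added example. This is not Grafana's code: `PanelLink`, the function names and the sample values are assumptions constructed for illustration.

```typescript
// Added illustration, not Grafana source. All names here are hypothetical.
interface PanelLink {
  title: string; // user-controlled
  url: string;   // user-controlled
}

// Vulnerable pattern: fields are concatenated into markup as-is, so a quote
// in `url` ends the href attribute and a "<" in `title` opens a new element.
function buildLinkHtmlUnsafe(link: PanelLink): string {
  return '<a href="' + link.url + '">' + link.title + '</a>';
}

// Escape the characters that can terminate a text node or a quoted
// attribute value. "&" must be replaced first to avoid double-escaping.
function escapeHtml(value: string): string {
  return value
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hardened form: every interpolated field is escaped before concatenation.
function buildLinkHtmlSafe(link: PanelLink): string {
  return '<a href="' + escapeHtml(link.url) + '">' + escapeHtml(link.title) + '</a>';
}

// Constructed sample input: one value breaks out of the attribute,
// the other injects an element into the link text.
const sample: PanelLink = {
  title: "Ops <script>/*constructed*/</script>",
  url: '/d/abc?x=1" data-injected="1',
};

console.log(buildLinkHtmlUnsafe(sample));
console.log(buildLinkHtmlSafe(sample));
```

In the unsafe output the browser sees an extra `data-injected` attribute and a live `<script>` element; in the escaped output both values stay inert text inside the original `href` and link body.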