-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stemmed from dashboard snapshot originalUrl values being rendered without sanitization in href attributes. The commit fb114a7 specifically added sanitizeUrl() to the snapshotUrl usage in DashNav.tsx, indicating this was the vulnerable path. The lack of URL sanitization in the original code allowed execution of arbitrary JavaScript through crafted URLs.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/grafana/grafana | go | <= 6.7.1 | 6.7.2 |