CVE-2025-2703 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Cross-site scripting
Description	A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the script to execute when the chart is rendered.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2884	grafana	11.6.1-1		Medium	Vulnerable

References
https://github.com/advisories/GHSA-p2mq-5mvf-j4j6 https://grafana.com/security/security-advisories/cve-2025-2703/