Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2025-2703 - log back

CVE-2025-2703 edited at 24 May 2025 04:31:26

Description

-	The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.
+	A DOM-based Cross-site scripting vulnerability exists in Grafana's built-in XY Chart plugin. This flaw allows an attacker with editor-level privileges to inject and execute arbitrary JavaScript code by editing an XY Chart Panel. The vulnerability bypasses the Content Security Policy, allowing the script to execute when the chart is rendered.

CVE-2025-2703 created at 24 May 2025 04:19:26

Severity

+

Medium

Remote

+

Remote

Type

+	Cross-site scripting

Description

+	The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

References

+	https://github.com/advisories/GHSA-p2mq-5mvf-j4j6
+	https://grafana.com/security/security-advisories/cve-2025-2703/

Notes