CVE-2025-2703

Publication date

2025-04-23 11:36:02

Family

GRAFANA

State

PUBLISHED

Description

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.