CVE-2019-13068 — Vulnetix

CVE-2019-13068 PUBLISHED CVSS 5.400000095367432 MEDIUM

public/app/features/panel/panel_ctrl.ts in Grafana before 6.2.5 allows HTML Injection in panel drilldown links (via the Title or url field).

EPSS 4.84% · 89.7th percentile

Risk Scores

CVSS 3.0

5.400000095367432

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS Score

4.84%

89.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	*
grafana	grafana	0
github.com	grafana/grafana	0

Exploit Intelligence

CIRCL exploited: CVE-2019-13068 (circl-sighting)
https://github.com/grafana/grafana/issues/17718 (circl)
https://github.com/grafana/grafana/releases/tag/v6.2.5 (circl)
https://security.netapp.com/advisory/ntap-20190710-0001/ (circl)
http://packetstormsecurity.com/files/171500/Grafana-6.2.4-HTML-Injection.html (circl)

Timeline

Jun 29, 2019 CVE Published
Apr 14, 2021 EPSS Score
Apr 1, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Mar 27, 2023 PoC Published
Nov 21, 2024 CVE Updated
Mar 17, 2025 EPSS Score
Mar 24, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 30, 2025 EPSS Score
Apr 1, 2025 EPSS Score

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›