CVE-2025-2703 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-2703 PUBLISHED

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

EPSS 0.05% · 17.3th percentile

Risk Scores

EPSS Score

0.05%

17.3th percentile

Affected Products

Vendor	Product	Versions
Bitnami	grafana	11.2.0, 11.6.0
Bitnami	grafana	11.2.0, 11.6.0

Timeline

Apr 22, 2025 CVE Published
Apr 23, 2025 EPSS Score
Apr 29, 2025 Coalition ESS Score
May 5, 2025 EPSS Score
May 16, 2025 EPSS Score
May 28, 2025 EPSS Score
Jun 8, 2025 EPSS Score
Jun 20, 2025 EPSS Score
Jun 21, 2025 Coalition ESS Score
Jul 2, 2025 EPSS Score
Jul 13, 2025 EPSS Score
Jul 25, 2025 EPSS Score

References

Open in Interactive Console →