VDB

CVE-2025-2703

CVE-2025-2703 PUBLISHED

The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.

EPSS 0.04% · 13.2th percentile

Risk Scores

EPSS Score
0.04%
13.2th percentile

Affected Products

VendorProductVersions
Bitnamigrafana11.2.0, 11.6.0
Bitnamigrafana11.2.0, 11.6.0

Timeline

  • Apr 22, 2025 CVE Published
  • Apr 23, 2025 EPSS Score
  • Apr 29, 2025 Coalition ESS Score
  • May 5, 2025 EPSS Score
  • May 17, 2025 EPSS Score
  • May 29, 2025 EPSS Score
  • Jun 11, 2025 EPSS Score
  • Jun 21, 2025 Coalition ESS Score
  • Jun 23, 2025 EPSS Score
  • Jul 5, 2025 EPSS Score
  • Jul 17, 2025 EPSS Score
  • Jul 29, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›