Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix.
rhceph/keepalived Red Hat / RHEL
Fixed in: rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x RHSA-2023:7741 Fixed in: rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le RHSA-2023:7741 Fixed in: rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64 RHSA-2023:7741 rhceph/keepalived Rocky
Fixed in: rhel9@sha256:e12cb06f04ac2870d5c387612f4aab65438c4b8044337ab8c55e924dc273ee6b_ppc64le RHSA-2023:7741 Fixed in: rhel9@sha256:49e943d69210eb9f4218272f64cc2b9a100bb52416784c417b241c7dcd0eeb23_amd64 RHSA-2023:7741 Fixed in: rhel9@sha256:561fba3667ff302316ecef3dc7a80202ec5b854b347e4cbc5d2d4a2ad4419ed3_s390x RHSA-2023:7741 rhceph/rhceph Rocky
Fixed in: promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64 RHSA-2023:7741 Fixed in: promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x RHSA-2023:7741 Fixed in: 6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x RHSA-2023:7741 Fixed in: haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x RHSA-2023:7741 Fixed in: 6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64 RHSA-2023:7741 Fixed in: haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64 RHSA-2023:7741 Fixed in: promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le RHSA-2023:7741 Fixed in: 6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le RHSA-2023:7741 Fixed in: haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le RHSA-2023:7741 rhceph/rhceph Red Hat / RHEL
Fixed in: promtail-rhel9@sha256:93b546b7d97fd7fdaf9aef486218350817697a6237cbc3ff512eef40ef772a3a_s390x RHSA-2023:7741 Fixed in: 6-rhel9@sha256:f3eb950ff155132b8d113853d05a917a4e949fa80156bbbdda8e61a5a7d18799_s390x RHSA-2023:7741 Fixed in: haproxy-rhel9@sha256:6f6ed4e34b8450b5af74cab6bab790013006269cb997883fc50f5c20c1f5dd8d_s390x RHSA-2023:7741 Fixed in: promtail-rhel9@sha256:d6233ee14663867808ca616c9327278af99e0439f0781b548be35e6ab5777de2_amd64 RHSA-2023:7741 Fixed in: 6-rhel9@sha256:0809ac10fd225656d8fec0002f71c41f7a07d9c5be0c0affd5740cdae43efcf8_amd64 RHSA-2023:7741 Fixed in: haproxy-rhel9@sha256:04e7e7a046da793f667daa0d1eb8dc90ea984dcd1bdefc8a7b96441a6251b280_amd64 RHSA-2023:7741 Fixed in: promtail-rhel9@sha256:9276234cb0599b75d0adc88c7b1882ff3da6742306a30f26dade3f9bde06ec7e_ppc64le RHSA-2023:7741 Fixed in: 6-rhel9@sha256:6c58ed8e6779027d62bca2dab2de0336ee630257dc903c0ff8069ec986395f47_ppc64le RHSA-2023:7741 Fixed in: haproxy-rhel9@sha256:fd567a237640c49c3cb5d392aa995069eb6d7398bffb2fe982f57563b640d630_ppc64le RHSA-2023:7741 rhceph/rhceph-6 Red Hat / RHEL
Fixed in: dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x RHSA-2023:7741 Fixed in: dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64 RHSA-2023:7741 Fixed in: dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le RHSA-2023:7741 rhceph/rhceph-6 Rocky
Fixed in: dashboard-rhel9@sha256:ba574717bd9890dcf1677c9b56d45a2047bb1f6a72a0bb5b8e38c6f3f2db4884_amd64 RHSA-2023:7741 Fixed in: dashboard-rhel9@sha256:4dc1e2ace5946178fae29c87e2f86467594833e27ddfef8a005273eb9a1bee45_s390x RHSA-2023:7741 Fixed in: dashboard-rhel9@sha256:72ebf29aa3a85cf49949379958744a699e1f572f79abf75e7cb8094ceecf074e_ppc64le RHSA-2023:7741 rhceph/snmp Red Hat / RHEL
Fixed in: notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le RHSA-2023:7741 Fixed in: notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x RHSA-2023:7741 Fixed in: notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64 RHSA-2023:7741 rhceph/snmp Rocky
Fixed in: notifier-rhel9@sha256:ca759591794df7f94b67bf798d7d27dd6d2b45d49b8ef8511e2bf51f78672d7e_amd64 RHSA-2023:7741 Fixed in: notifier-rhel9@sha256:a47193626427bfe8f686c9f591248d082271c0d20aed96aa268bf7a03b9123d8_s390x RHSA-2023:7741 Fixed in: notifier-rhel9@sha256:39e1eb86a6cc6eaa31018a13f86bbb676ec26250d5daf116e3be6d6d194bfe42_ppc64le RHSA-2023:7741 GrafanaEnterprise Windows application
GrafanaOSS Windows application
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity High
Privileges Required High
User Interaction Required
Scope Changed
Impact
Confidentiality High
Integrity Low
Availability None
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N
0.95% probability of exploitation in 30 days
57th percentile
Moderate risk: more likely to be exploited than 57% of all known CVEs.
Other CWE-79 (Cross-Site Scripting (XSS)) vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2023-1410 Markdown
[](https://tridentstack.com/cve/CVE-2023-1410)HTML
<a href="https://tridentstack.com/cve/CVE-2023-1410"><img src="https://tridentstack.com/cve/badge/CVE-2023-1410.svg" alt="CVE-2023-1410"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2025-02-13.