Grafanacubism Panel

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-32117 HIGH This Week

Grafana Cubism Panel versions 0.1.2 and earlier contain a stored cross-site scripting (XSS) vulnerability where dashboard editors can inject malicious javascript: URIs into zoom-link handlers that execute with Grafana origin privileges when viewers interact with the panel. An authenticated attacker with editor permissions can craft a malicious dashboard that executes arbitrary JavaScript in the context of any user who zooms on the affected panel, potentially compromising sensitive data or session tokens.

Grafana XSS Grafanacubism Panel

NVD GitHub VulDB

CVSS 3.1

7.6

EPSS

0.0%

CVE-2026-32117

EPSS 0% CVSS 7.6

HIGH This Week

Grafana Cubism Panel versions 0.1.2 and earlier contain a stored cross-site scripting (XSS) vulnerability where dashboard editors can inject malicious javascript: URIs into zoom-link handlers that execute with Grafana origin privileges when viewers interact with the panel. An authenticated attacker with editor permissions can craft a malicious dashboard that executes arbitrary JavaScript in the context of any user who zooms on the affected panel, potentially compromising sensitive data or session tokens.

Grafana XSS Grafanacubism Panel

NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy