Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/grafana@7.5.11-6?arch=el8_6
Type rpm
Namespace redhat
Name grafana
Version 7.5.11-6
Qualifiers
arch el8_6
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-ss32-rtp3-zufc
vulnerability_id VCID-ss32-rtp3-zufc
summary
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin
A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.

The default Content-Security-Policy (CSP) in Grafana will block the XSS through the `connect-src` directive.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4123.json
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4123.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4123
reference_id
reference_type
scores
0
value 0.02887
scoring_system epss
scoring_elements 0.86273
published_at 2026-04-07T12:55:00Z
1
value 0.02887
scoring_system epss
scoring_elements 0.86301
published_at 2026-04-09T12:55:00Z
2
value 0.02887
scoring_system epss
scoring_elements 0.86291
published_at 2026-04-08T12:55:00Z
3
value 0.0387
scoring_system epss
scoring_elements 0.88242
published_at 2026-04-16T12:55:00Z
4
value 0.0387
scoring_system epss
scoring_elements 0.88228
published_at 2026-04-13T12:55:00Z
5
value 0.0387
scoring_system epss
scoring_elements 0.88236
published_at 2026-04-11T12:55:00Z
6
value 0.0387
scoring_system epss
scoring_elements 0.88265
published_at 2026-04-26T12:55:00Z
7
value 0.0387
scoring_system epss
scoring_elements 0.8826
published_at 2026-04-24T12:55:00Z
8
value 0.0387
scoring_system epss
scoring_elements 0.88241
published_at 2026-04-21T12:55:00Z
9
value 0.06301
scoring_system epss
scoring_elements 0.9091
published_at 2026-04-02T12:55:00Z
10
value 0.08544
scoring_system epss
scoring_elements 0.9237
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4123
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/grafana/grafana
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana
4
reference_url https://github.com/grafana/grafana/commit/c7a690348df761d41b659224cbc50a46a0c0e4cc
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/grafana/grafana/commit/c7a690348df761d41b659224cbc50a46a0c0e4cc
5
reference_url https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580
6
reference_url https://grafana.com/security/security-advisories/cve-2025-4123
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://grafana.com/security/security-advisories/cve-2025-4123
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4123
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4123
8
reference_url https://pkg.go.dev/vuln/GO-2025-3702
reference_id
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2025-3702
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2364632
reference_id 2364632
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2364632
10
reference_url https://grafana.com/security/security-advisories/cve-2025-4123/
reference_id cve-2025-4123
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T13:21:28Z/
url https://grafana.com/security/security-advisories/cve-2025-4123/
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52491.txt
reference_id CVE-2025-4123
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52491.txt
12
reference_url https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/
reference_id grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580
reference_type
scores
0
value 7.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-22T13:21:28Z/
url https://grafana.com/blog/2025/05/23/grafana-security-release-medium-and-high-severity-security-fixes-for-cve-2025-4123-and-cve-2025-3580/
13
reference_url https://access.redhat.com/errata/RHSA-2025:7892
reference_id RHSA-2025:7892
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7892
14
reference_url https://access.redhat.com/errata/RHSA-2025:7893
reference_id RHSA-2025:7893
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7893
15
reference_url https://access.redhat.com/errata/RHSA-2025:7894
reference_id RHSA-2025:7894
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7894
16
reference_url https://access.redhat.com/errata/RHSA-2025:8665
reference_id RHSA-2025:8665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8665
17
reference_url https://access.redhat.com/errata/RHSA-2025:8679
reference_id RHSA-2025:8679
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8679
18
reference_url https://access.redhat.com/errata/RHSA-2025:8680
reference_id RHSA-2025:8680
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8680
19
reference_url https://access.redhat.com/errata/RHSA-2025:8681
reference_id RHSA-2025:8681
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8681
20
reference_url https://access.redhat.com/errata/RHSA-2025:8683
reference_id RHSA-2025:8683
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8683
21
reference_url https://access.redhat.com/errata/RHSA-2025:8684
reference_id RHSA-2025:8684
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8684
22
reference_url https://access.redhat.com/errata/RHSA-2025:8685
reference_id RHSA-2025:8685
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8685
fixed_packages
aliases CVE-2025-4123, GHSA-q53q-gxq9-mgrj
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss32-rtp3-zufc
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@7.5.11-6%3Farch=el8_6