CVE-2025-2703
6.8
MediumCVE-2025-2703
•
security@grafana.com
•
Awaiting Analysis
Description
The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.
Exploits
No known exploits found for this CVE.
Search Exploit-DBReferences
security@grafana.com
https://grafana.com/security/security-advisories/cve-2025-2703