What is CVE-2020-11110?

CVE-2020-11110 is a vulnerability in N/a. Published 2020-07-27.

Is CVE-2020-11110 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-11110

Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the sn…

EPSS: 0.540 (98.1th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

AVE-Stoik/CVE-2020-11110-Proof-of-Concept
20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
NarbehJackson/Java-Xss-minitwit16
NarbehJackson/XSS-Python-Lab
kh4sh3i/Grafana-CVE
nomi-sec/PoC-in-GitHub

References

github.com/grafana/grafana/blob/master/CHANGELOG.md (x_refsource_MISC)
security.netapp.com/advisory/ntap-20200810-0002/ (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-11110?: CVE-2020-11110 is a vulnerability in N/a. Published 2020-07-27.
Is CVE-2020-11110 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.