A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting).
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Fri, 10 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A user with Editor permissions can craft a dashboard whose table (TableNG) panel contains a malicious field name that executes as a script in the browser of any user who views the dashboard (stored cross-site scripting). | |
| Title | Stored XSS in the table panel (TableNG) | |
| Weaknesses | CWE-79 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GRAFANA
Published:
Updated: 2026-07-10T18:44:49.902Z
Reserved: 2026-05-14T12:50:43.291Z
Link: CVE-2026-8595
Updated: 2026-07-10T15:58:52.679Z
No data.
No data.
OpenCVE Enrichment
No data.