漏洞描述
Grafana 是一款开源的跨平台数据可视化与监控分析工具,广泛应用于实时指标展示、日志分析和运维监控领域。Grafana 的 /render/public 接口存在跨站脚本(XSS)漏洞,攻击者可以通过该漏洞注入恶意脚本,从而劫持用户会话、窃取敏感信息或执行其他恶意操作。此外,该漏洞还涉及开放重定向(Open Redirect)和服务器端请求伪造(SSRF)问题,可能导致进一步的安全风险。
Grafana /public 服务器端请求伪造漏洞 (CVE-2025-4123)
PoC代码
暂无相关漏洞推荐
-
CVE-2020-13379: Grafana 3.0.1-7.0.1 - Server-Side Request Forgery POC
2025-09-01 | GrafanaGrafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, wh... -
CVE-2021-43798: Grafana v8.x Arbitrary File Read POC
2025-09-01 | GrafanaGrafana versions 8.0.0-beta1 through 8.3.0 are vulnerable to a local directory traversal, allowing a... -
CVE-2022-26148: Grafana & Zabbix Integration - Credentials Disclosure POC
2025-09-01 | Grafana & ZabbixGrafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. ... -
Wordpress Plugin Depicter /wp-admin/admin-ajax.php depicter-lead-list SQL 注入漏洞(CVE-2025-2011) 无POC
2025-09-19 | WordpressWordPress插件Depicter的滑块和弹出窗口构建器在包括3.6.1版本在内的所有版本中,由于用户提供的参数缺乏足够的转义处理和现有SQL查询的预处理不足,存在通用的SQL注入漏洞。该漏洞可以... -
Wordpress Plugin Eventin /wp-admin/admin-ajax.php proxy_image 文件读取漏洞(CVE-2025-3419) 无POC
2025-09-19 | WordpressEvent Manager, Events Calendar, Tickets, Registrations – Eventin 是一个用于 WordPress 的插件。该漏洞存在于其 proxy_i...