[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-24303":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":49,"downstream":50,"duplicates":63,"related":64,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":121,"epss":122,"epss_history":125,"metrics":384,"affected":400},"CVE-2020-24303","Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[46,47,48],"GHSA-mvpr-q6rh-8vrp","BIT-grafana-2020-24303","GO-2024-2520",[],[51,53,55,57,59,61],{"_key":52},"SUSE-SU-2020:3624-1",{"_key":54},"UBUNTU-CVE-2020-24303",{"_key":56},"SUSE-SU-2020:3897-1",{"_key":58},"SUSE-SU-2021:1233-1",{"_key":60},"SUSE-SU-2021:1962-1",{"_key":62},"RHSA-2021:1859",[],[65,66,67,68],{"_key":52},{"_key":56},{"_key":58},{"_key":60},"2020-10-28T13:25:22.000Z","2024-08-04T15:12:08.961Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"low",0.00477,"medium",6.1,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",[82,92,98,103,108,113,117],{"url":83,"sources":84,"tags":87},"https://github.com/grafana/grafana/blob/master/CHANGELOG.md#710-beta-1-2020-07-01",[85,79,86],"cve.org","osv_go",[88,89,90,91],"X Refsource MISC","Release Notes","Third Party Advisory","WEB",{"url":93,"sources":94,"tags":95},"https://github.com/grafana/grafana/pull/25401",[85,79,86],[88,96,90,91,97],"Patch","FIX",{"url":99,"sources":100,"tags":101},"https://security.netapp.com/advisory/ntap-20201123-0002/",[85,79],[102,90],"X Refsource CONFIRM",{"url":104,"sources":105,"tags":106},"https://nvd.nist.gov/vuln/detail/CVE-2020-24303",[86],[107],"Advisory",{"url":109,"sources":110,"tags":111},"https://github.com/grafana/grafana",[86],[112],"PACKAGE",{"url":114,"sources":115,"tags":116},"https://security.netapp.com/advisory/ntap-20201123-0002",[86],[91],{"url":118,"sources":119,"tags":120},"https://github.com/advisories/GHSA-mvpr-q6rh-8vrp",[86],[107],[],{"date":123,"score":75,"percentile":124},"2026-06-04",0.65297,[126,130,133,136,139,141,144,147,150,153,156,159,161,164,167,171,174,177,179,182,185,188,190,193,195,198,201,204,207,210,213,216,219,222,225,228,231,234,237,240,242,245,248,251,254,257,260,263,266,269,272,275,278,281,285,288,291,294,297,300,303,306,309,311,313,316,319,322,325,328,331,334,337,339,341,344,347,350,353,355,357,360,363,365,367,370,373,376,378,381],{"date":127,"score":128,"percentile":129},"2025-11-04",0.00362,0.57653,{"date":131,"score":128,"percentile":132},"2025-11-05",0.57631,{"date":134,"score":128,"percentile":135},"2025-11-06",0.57633,{"date":137,"score":128,"percentile":138},"2025-11-07",0.57648,{"date":140,"score":128,"percentile":138},"2025-11-08",{"date":142,"score":128,"percentile":143},"2025-11-09",0.57637,{"date":145,"score":128,"percentile":146},"2025-11-10",0.57614,{"date":148,"score":128,"percentile":149},"2025-11-11",0.57627,{"date":151,"score":128,"percentile":152},"2025-11-12",0.57651,{"date":154,"score":128,"percentile":155},"2025-11-13",0.57656,{"date":157,"score":128,"percentile":158},"2025-11-14",0.5766,{"date":160,"score":128,"percentile":129},"2025-11-15",{"date":162,"score":128,"percentile":163},"2025-11-16",0.57638,{"date":165,"score":128,"percentile":166},"2025-11-17",0.57632,{"date":168,"score":169,"percentile":170},"2025-11-18",0.01105,0.76224,{"date":172,"score":169,"percentile":173},"2025-11-19",0.7623,{"date":175,"score":169,"percentile":176},"2025-11-20",0.76241,{"date":178,"score":128,"percentile":152},"2025-11-21",{"date":180,"score":128,"percentile":181},"2025-11-22",0.57649,{"date":183,"score":128,"percentile":184},"2025-11-23",0.57622,{"date":186,"score":128,"percentile":187},"2025-11-24",0.57618,{"date":189,"score":128,"percentile":184},"2025-11-25",{"date":191,"score":128,"percentile":192},"2025-11-26",0.57624,{"date":194,"score":128,"percentile":149},"2025-11-27",{"date":196,"score":128,"percentile":197},"2025-11-28",0.57602,{"date":199,"score":128,"percentile":200},"2025-11-29",0.57588,{"date":202,"score":128,"percentile":203},"2025-11-30",0.57582,{"date":205,"score":128,"percentile":206},"2025-12-01",0.57737,{"date":208,"score":128,"percentile":209},"2025-12-02",0.57753,{"date":211,"score":128,"percentile":212},"2025-12-03",0.57751,{"date":214,"score":128,"percentile":215},"2025-12-04",0.57581,{"date":217,"score":128,"percentile":218},"2025-12-05",0.57594,{"date":220,"score":128,"percentile":221},"2025-12-06",0.57593,{"date":223,"score":128,"percentile":224},"2025-12-07",0.5759,{"date":226,"score":128,"percentile":227},"2025-12-08",0.57592,{"date":229,"score":128,"percentile":230},"2025-12-09",0.57619,{"date":232,"score":128,"percentile":233},"2025-12-10",0.57672,{"date":235,"score":128,"percentile":236},"2025-12-11",0.57698,{"date":238,"score":128,"percentile":239},"2025-12-12",0.57723,{"date":241,"score":128,"percentile":239},"2025-12-13",{"date":243,"score":128,"percentile":244},"2025-12-14",0.5772,{"date":246,"score":128,"percentile":247},"2025-12-15",0.57703,{"date":249,"score":128,"percentile":250},"2025-12-16",0.57718,{"date":252,"score":128,"percentile":253},"2025-12-17",0.57727,{"date":255,"score":128,"percentile":256},"2025-12-18",0.57763,{"date":258,"score":128,"percentile":259},"2025-12-19",0.57771,{"date":261,"score":128,"percentile":262},"2025-12-20",0.5777,{"date":264,"score":128,"percentile":265},"2025-12-21",0.57749,{"date":267,"score":128,"percentile":268},"2025-12-22",0.57732,{"date":270,"score":128,"percentile":271},"2025-12-23",0.5774,{"date":273,"score":128,"percentile":274},"2025-12-24",0.57754,{"date":276,"score":128,"percentile":277},"2025-12-25",0.578,{"date":279,"score":128,"percentile":280},"2025-12-26",0.57795,{"date":282,"score":283,"percentile":284},"2025-12-27",0.00343,0.56496,{"date":286,"score":128,"percentile":287},"2025-12-28",0.57768,{"date":289,"score":128,"percentile":290},"2025-12-29",0.57759,{"date":292,"score":128,"percentile":293},"2025-12-30",0.5776,{"date":295,"score":128,"percentile":296},"2025-12-31",0.57796,{"date":298,"score":128,"percentile":299},"2026-01-01",0.57968,{"date":301,"score":128,"percentile":302},"2026-01-02",0.5795,{"date":304,"score":128,"percentile":305},"2026-01-03",0.57947,{"date":307,"score":128,"percentile":308},"2026-01-04",0.57769,{"date":310,"score":128,"percentile":290},"2026-01-05",{"date":312,"score":128,"percentile":308},"2026-01-06",{"date":314,"score":128,"percentile":315},"2026-01-07",0.57798,{"date":317,"score":128,"percentile":318},"2026-01-08",0.5782,{"date":320,"score":128,"percentile":321},"2026-01-09",0.57825,{"date":323,"score":128,"percentile":324},"2026-01-10",0.57824,{"date":326,"score":128,"percentile":327},"2026-01-11",0.57809,{"date":329,"score":128,"percentile":330},"2026-01-12",0.57773,{"date":332,"score":128,"percentile":333},"2026-01-13",0.5775,{"date":335,"score":128,"percentile":336},"2026-01-14",0.57794,{"date":338,"score":128,"percentile":296},"2026-01-15",{"date":340,"score":128,"percentile":318},"2026-01-16",{"date":342,"score":128,"percentile":343},"2026-01-17",0.57808,{"date":345,"score":128,"percentile":346},"2026-01-18",0.57801,{"date":348,"score":128,"percentile":349},"2026-01-19",0.57786,{"date":351,"score":128,"percentile":352},"2026-01-20",0.57792,{"date":354,"score":128,"percentile":296},"2026-01-21",{"date":356,"score":128,"percentile":336},"2026-01-22",{"date":358,"score":128,"percentile":359},"2026-01-23",0.57831,{"date":361,"score":128,"percentile":362},"2026-01-24",0.57838,{"date":364,"score":128,"percentile":346},"2026-01-25",{"date":366,"score":128,"percentile":349},"2026-01-26",{"date":368,"score":128,"percentile":369},"2026-01-27",0.57797,{"date":371,"score":128,"percentile":372},"2026-01-28",0.57803,{"date":374,"score":128,"percentile":375},"2026-01-29",0.57804,{"date":377,"score":128,"percentile":375},"2026-01-30",{"date":379,"score":128,"percentile":380},"2026-01-31",0.57807,{"date":382,"score":128,"percentile":383},"2026-02-01",0.57954,[385,395],{"source":79,"cvss_v2_0":386,"cvss_v3_0":9,"cvss_v3_1":391,"cvss_v4_0":9},{"baseScore":387,"baseSeverity":9,"vectorString":388,"impactScore":389,"exploitabilityScore":390},4.3,"AV:N/AC:M/Au:N/C:N/I:P/A:N",2.9,8.6,{"baseScore":77,"baseSeverity":392,"vectorString":80,"impactScore":393,"exploitabilityScore":394},"MEDIUM",4.5,7.2,{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":396,"cvss_v4_0":397},{"baseScore":77,"baseSeverity":9,"vectorString":80,"impactScore":393,"exploitabilityScore":394},{"baseScore":398,"baseSeverity":9,"vectorString":399,"impactScore":9,"exploitabilityScore":9},5.1,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",[401,416],{"ecosystem":402,"name":403,"vendor":404,"product":405,"cpe_part":9,"purl_type":406,"purl_namespace":404,"purl_name":405,"source":9,"versions":407},"Go","github.com/grafana/grafana","github.com/grafana","grafana","golang",[408,414],{"version":409,"is_range":410,"range_type":411,"version_start":9,"version_start_type":9,"version_end":412,"version_end_type":413,"fixed_in":9},"lt7_1_0_beta1",true,"semver","7.1.0-beta1","excluding",{"version":415,"is_range":410,"range_type":411,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":9,"name":405,"vendor":405,"product":405,"cpe_part":417,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"a",[419],{"version":420,"is_range":410,"range_type":421,"version_start":9,"version_start_type":9,"version_end":422,"version_end_type":423,"fixed_in":9},"lte7.0.5","cpe","7.0.5","including"]