[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-2703":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":45,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":58,"related":59,"reserved_at":9,"published_at":65,"modified_at":66,"state":67,"summary":68,"references_raw":77,"kevs":87,"epss":88,"epss_history":91,"metrics":359,"affected":367},"CVE-2025-2703","The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. \n\nA user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[],[],[],[48,50,52,54,56],{"_key":49},"SUSE-SU-2025:01985-1",{"_key":51},"SUSE-SU-2025:01987-1",{"_key":53},"SUSE-SU-2025:01989-1",{"_key":55},"SUSE-SU-2025:01991-1",{"_key":57},"OPENSUSE-SU-2025:15052-1",[],[60,61,62,63,64],{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},"2025-04-23T11:36:02.852Z","2025-06-10T10:53:48.851Z","Deferred",{"cisa_kev":69,"cisa_ransomware":69,"cisa_vendor":9,"epss_severity":70,"epss_score":71,"severity":72,"severity_score":73,"severity_version":74,"severity_source":75,"severity_vector":76,"severity_status":67},false,"low",0.00042,"medium",6.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L",[78,83],{"url":79,"sources":80,"tags":82},"https://grafana.com/security/security-advisories/cve-2025-2703",[75,81],"nvd",[],{"url":84,"sources":85,"tags":86},"https://www.sonarsource.com/blog/data-in-danger-detecting-xss-in-grafana-cve-2025-2703/",[75,81],[],[],{"date":89,"score":71,"percentile":90},"2026-06-04",0.13105,[92,96,99,102,105,108,111,114,117,120,123,125,128,130,134,138,141,144,147,150,153,156,159,162,165,168,171,174,177,180,182,185,188,191,194,197,199,202,205,208,211,214,216,218,221,223,226,228,231,234,236,239,242,245,249,252,255,258,261,264,267,270,273,276,279,283,286,289,292,295,298,301,304,307,310,314,317,320,323,326,329,332,335,338,341,344,347,350,353,356],{"date":93,"score":94,"percentile":95},"2025-11-04",0.00011,0.00932,{"date":97,"score":94,"percentile":98},"2025-11-05",0.00942,{"date":100,"score":94,"percentile":101},"2025-11-06",0.00946,{"date":103,"score":94,"percentile":104},"2025-11-07",0.00948,{"date":106,"score":94,"percentile":107},"2025-11-08",0.00947,{"date":109,"score":94,"percentile":110},"2025-11-09",0.00945,{"date":112,"score":94,"percentile":113},"2025-11-10",0.00936,{"date":115,"score":94,"percentile":116},"2025-11-11",0.00939,{"date":118,"score":94,"percentile":119},"2025-11-12",0.0094,{"date":121,"score":94,"percentile":122},"2025-11-13",0.00941,{"date":124,"score":94,"percentile":110},"2025-11-14",{"date":126,"score":94,"percentile":127},"2025-11-15",0.00969,{"date":129,"score":94,"percentile":127},"2025-11-16",{"date":131,"score":132,"percentile":133},"2025-11-17",0.00012,0.0127,{"date":135,"score":136,"percentile":137},"2025-11-18",0.00081,0.20046,{"date":139,"score":136,"percentile":140},"2025-11-19",0.20062,{"date":142,"score":136,"percentile":143},"2025-11-20",0.20036,{"date":145,"score":132,"percentile":146},"2025-11-21",0.01323,{"date":148,"score":132,"percentile":149},"2025-11-22",0.01321,{"date":151,"score":132,"percentile":152},"2025-11-23",0.01309,{"date":154,"score":132,"percentile":155},"2025-11-24",0.01302,{"date":157,"score":132,"percentile":158},"2025-11-25",0.01299,{"date":160,"score":132,"percentile":161},"2025-11-26",0.01237,{"date":163,"score":132,"percentile":164},"2025-11-27",0.01082,{"date":166,"score":132,"percentile":167},"2025-11-28",0.01089,{"date":169,"score":132,"percentile":170},"2025-11-29",0.01123,{"date":172,"score":132,"percentile":173},"2025-11-30",0.01131,{"date":175,"score":132,"percentile":176},"2025-12-01",0.01164,{"date":178,"score":132,"percentile":179},"2025-12-02",0.01158,{"date":181,"score":132,"percentile":176},"2025-12-03",{"date":183,"score":132,"percentile":184},"2025-12-04",0.01133,{"date":186,"score":132,"percentile":187},"2025-12-05",0.01147,{"date":189,"score":132,"percentile":190},"2025-12-06",0.01148,{"date":192,"score":132,"percentile":193},"2025-12-07",0.01149,{"date":195,"score":132,"percentile":196},"2025-12-08",0.01152,{"date":198,"score":132,"percentile":176},"2025-12-09",{"date":200,"score":132,"percentile":201},"2025-12-10",0.01178,{"date":203,"score":132,"percentile":204},"2025-12-11",0.01169,{"date":206,"score":132,"percentile":207},"2025-12-12",0.01167,{"date":209,"score":132,"percentile":210},"2025-12-13",0.01156,{"date":212,"score":132,"percentile":213},"2025-12-14",0.01153,{"date":215,"score":132,"percentile":193},"2025-12-15",{"date":217,"score":132,"percentile":213},"2025-12-16",{"date":219,"score":132,"percentile":220},"2025-12-17",0.01154,{"date":222,"score":132,"percentile":187},"2025-12-18",{"date":224,"score":132,"percentile":225},"2025-12-19",0.0115,{"date":227,"score":132,"percentile":193},"2025-12-20",{"date":229,"score":132,"percentile":230},"2025-12-21",0.01159,{"date":232,"score":132,"percentile":233},"2025-12-22",0.0116,{"date":235,"score":132,"percentile":230},"2025-12-23",{"date":237,"score":132,"percentile":238},"2025-12-24",0.01162,{"date":240,"score":132,"percentile":241},"2025-12-25",0.01166,{"date":243,"score":132,"percentile":244},"2025-12-26",0.01168,{"date":246,"score":247,"percentile":248},"2025-12-27",0.00013,0.01453,{"date":250,"score":247,"percentile":251},"2025-12-28",0.01451,{"date":253,"score":247,"percentile":254},"2025-12-29",0.01442,{"date":256,"score":247,"percentile":257},"2025-12-30",0.01437,{"date":259,"score":247,"percentile":260},"2025-12-31",0.01435,{"date":262,"score":247,"percentile":263},"2026-01-01",0.01452,{"date":265,"score":247,"percentile":266},"2026-01-02",0.01456,{"date":268,"score":247,"percentile":269},"2026-01-03",0.01458,{"date":271,"score":247,"percentile":272},"2026-01-04",0.01433,{"date":274,"score":247,"percentile":275},"2026-01-05",0.01441,{"date":277,"score":247,"percentile":278},"2026-01-06",0.01434,{"date":280,"score":281,"percentile":282},"2026-01-07",0.00016,0.02932,{"date":284,"score":281,"percentile":285},"2026-01-08",0.02958,{"date":287,"score":281,"percentile":288},"2026-01-09",0.02971,{"date":290,"score":281,"percentile":291},"2026-01-10",0.0298,{"date":293,"score":281,"percentile":294},"2026-01-11",0.02964,{"date":296,"score":281,"percentile":297},"2026-01-12",0.02924,{"date":299,"score":281,"percentile":300},"2026-01-13",0.02915,{"date":302,"score":281,"percentile":303},"2026-01-14",0.02921,{"date":305,"score":281,"percentile":306},"2026-01-15",0.02907,{"date":308,"score":281,"percentile":309},"2026-01-16",0.02905,{"date":311,"score":312,"percentile":313},"2026-01-17",0.00018,0.03828,{"date":315,"score":312,"percentile":316},"2026-01-18",0.03802,{"date":318,"score":312,"percentile":319},"2026-01-19",0.03759,{"date":321,"score":312,"percentile":322},"2026-01-20",0.0373,{"date":324,"score":312,"percentile":325},"2026-01-21",0.03722,{"date":327,"score":312,"percentile":328},"2026-01-22",0.03727,{"date":330,"score":312,"percentile":331},"2026-01-23",0.03772,{"date":333,"score":312,"percentile":334},"2026-01-24",0.03804,{"date":336,"score":312,"percentile":337},"2026-01-25",0.03783,{"date":339,"score":312,"percentile":340},"2026-01-26",0.03765,{"date":342,"score":312,"percentile":343},"2026-01-27",0.03754,{"date":345,"score":312,"percentile":346},"2026-01-28",0.03739,{"date":348,"score":312,"percentile":349},"2026-01-29",0.03757,{"date":351,"score":312,"percentile":352},"2026-01-30",0.03758,{"date":354,"score":312,"percentile":355},"2026-01-31",0.03735,{"date":357,"score":312,"percentile":358},"2026-02-01",0.03832,[360,365],{"source":75,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":361,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":362,"vectorString":76,"impactScore":363,"exploitabilityScore":364},"MEDIUM",7.8,5.4,{"source":81,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":366,"cvss_v4_0":9},{"baseScore":73,"baseSeverity":362,"vectorString":76,"impactScore":363,"exploitabilityScore":364},[368,395],{"ecosystem":9,"name":369,"vendor":369,"product":369,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":371},"grafana","a",[372,379,383,387,391],{"version":373,"is_range":374,"range_type":75,"version_start":375,"version_start_type":376,"version_end":377,"version_end_type":378,"fixed_in":9},">= 11.6.0, \u003C 11.6.0+security-01",true,"11.6.0","including","11.6.0+security-01","excluding",{"version":380,"is_range":374,"range_type":75,"version_start":381,"version_start_type":376,"version_end":382,"version_end_type":378,"fixed_in":9},">= 11.5.0, \u003C 11.5.3+security-01","11.5.0","11.5.3+security-01",{"version":384,"is_range":374,"range_type":75,"version_start":385,"version_start_type":376,"version_end":386,"version_end_type":378,"fixed_in":9},">= 11.4.0, \u003C 11.4.3+security-01","11.4.0","11.4.3+security-01",{"version":388,"is_range":374,"range_type":75,"version_start":389,"version_start_type":376,"version_end":390,"version_end_type":378,"fixed_in":9},">= 11.3.0, \u003C 11.3.5+security-01","11.3.0","11.3.5+security-01",{"version":392,"is_range":374,"range_type":75,"version_start":393,"version_start_type":376,"version_end":394,"version_end_type":378,"fixed_in":9},">= 11.2.0, \u003C 11.2.8+security-01","11.2.0","11.2.8+security-01",{"ecosystem":9,"name":396,"vendor":369,"product":397,"cpe_part":370,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":398},"Grafana Enterprise","grafana enterprise",[399,400,401,402,403],{"version":373,"is_range":374,"range_type":75,"version_start":375,"version_start_type":376,"version_end":377,"version_end_type":378,"fixed_in":9},{"version":380,"is_range":374,"range_type":75,"version_start":381,"version_start_type":376,"version_end":382,"version_end_type":378,"fixed_in":9},{"version":384,"is_range":374,"range_type":75,"version_start":385,"version_start_type":376,"version_end":386,"version_end_type":378,"fixed_in":9},{"version":388,"is_range":374,"range_type":75,"version_start":389,"version_start_type":376,"version_end":390,"version_end_type":378,"fixed_in":9},{"version":392,"is_range":374,"range_type":75,"version_start":393,"version_start_type":376,"version_end":394,"version_end_type":378,"fixed_in":9}]