[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-6023":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":55,"aliases":56,"duplicate_of":9,"upstream":60,"downstream":61,"duplicates":78,"related":79,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":99,"kevs":156,"epss":157,"epss_history":160,"metrics":440,"affected":450},"CVE-2025-6023","An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0.\n\nThe open redirect can be chained with path traversal vulnerabilities to achieve XSS.\n\nFixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01",null,[11,44],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],{"_key":45,"id":45,"name":46,"description":47,"type":15,"status":48,"abstraction":17,"likelihood_of_exploit":49,"capec":50},"CWE-601","URL Redirection to Untrusted Site ('Open Redirect')","The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.","Draft","Low",[51],{"id":52,"name":53,"techniques":54},"CAPEC-178","Cross-Site Flashing",[],[],[57,58,59],"GHSA-vqph-p5vc-g644","BIT-grafana-2025-6023","GO-2025-3817",[],[62,64,66,68,70,72,74,76],{"_key":63},"UBUNTU-CVE-2025-6023",{"_key":65},"SUSE-SU-2025:3817-1",{"_key":67},"SUSE-SU-2025:3819-1",{"_key":69},"SUSE-SU-2025:4457-1",{"_key":71},"SUSE-SU-2025:4458-1",{"_key":73},"SUSE-SU-2025:4482-1",{"_key":75},"OPENSUSE-SU-2025:15372-1",{"_key":77},"OPENSUSE-SU-2025:15405-1",[],[80,81,82,83,84,85,86],{"_key":65},{"_key":67},{"_key":69},{"_key":71},{"_key":73},{"_key":75},{"_key":77},"2025-07-18T07:48:15.972Z","2025-07-18T13:46:45.354Z","Deferred",{"cisa_kev":91,"cisa_ransomware":91,"cisa_vendor":9,"epss_severity":92,"epss_score":93,"severity":94,"severity_score":95,"severity_version":96,"severity_source":97,"severity_vector":98,"severity_status":89},false,"low",0.07087,"high",7.6,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",[100,106,112,118,124,128,132,136,140,144,148,152],{"url":101,"sources":102,"tags":104},"https://grafana.com/security/security-advisories/cve-2025-6023/",[97,103],"nvd",[105],"Vendor Advisory",{"url":107,"sources":108,"tags":109},"https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023/",[97,103],[110,111],"Release Notes","Mitigation",{"url":113,"sources":114,"tags":116},"https://nvd.nist.gov/vuln/detail/CVE-2025-6023",[115],"osv_go",[117],"Advisory",{"url":119,"sources":120,"tags":121},"https://github.com/grafana/grafana/commit/0ba0b99665a946cd96676ef85ec8bc83028cb1d7",[115],[122,123],"WEB","FIX",{"url":125,"sources":126,"tags":127},"https://github.com/grafana/grafana/commit/40ed88fe86d347bcde5ddaed6c4a20a95d2f0d55",[115],[122,123],{"url":129,"sources":130,"tags":131},"https://github.com/grafana/grafana/commit/5b00e21638f565eed46acb4d0b7c009968df4c3b",[115],[122,123],{"url":133,"sources":134,"tags":135},"https://github.com/grafana/grafana/commit/b6dd2b70c655c61b111b328f1a7dcca6b3954936",[115],[122,123],{"url":137,"sources":138,"tags":139},"https://github.com/grafana/grafana/commit/e0ba4b480954f8a33aa2cff3229f6bcc05777bd9",[115],[122,123],{"url":141,"sources":142,"tags":143},"https://github.com/grafana/grafana",[115],[122],{"url":145,"sources":146,"tags":147},"https://grafana.com/blog/2025/07/17/grafana-security-release-medium-and-high-severity-fixes-for-cve-2025-6197-and-cve-2025-6023",[115],[122],{"url":149,"sources":150,"tags":151},"https://grafana.com/security/security-advisories/cve-2025-6023",[115],[122],{"url":153,"sources":154,"tags":155},"https://github.com/advisories/GHSA-vqph-p5vc-g644",[115],[117],[],{"date":158,"score":93,"percentile":159},"2026-06-05",0.91684,[161,165,168,171,174,177,181,184,187,190,193,196,199,202,206,210,213,216,219,222,225,228,231,233,236,239,242,244,247,250,252,255,258,261,264,267,270,273,276,279,283,286,288,291,294,298,301,304,307,310,313,316,319,323,327,330,333,336,339,342,345,348,350,354,357,360,363,367,370,373,376,380,383,386,389,392,396,399,403,406,409,412,416,420,423,426,429,432,435,437],{"date":162,"score":163,"percentile":164},"2025-11-04",0.02463,0.84703,{"date":166,"score":163,"percentile":167},"2025-11-05",0.84707,{"date":169,"score":163,"percentile":170},"2025-11-06",0.8471,{"date":172,"score":163,"percentile":173},"2025-11-07",0.84715,{"date":175,"score":163,"percentile":176},"2025-11-08",0.84719,{"date":178,"score":179,"percentile":180},"2025-11-09",0.02327,0.84277,{"date":182,"score":179,"percentile":183},"2025-11-10",0.84273,{"date":185,"score":179,"percentile":186},"2025-11-11",0.84279,{"date":188,"score":179,"percentile":189},"2025-11-12",0.84288,{"date":191,"score":179,"percentile":192},"2025-11-13",0.84296,{"date":194,"score":179,"percentile":195},"2025-11-14",0.84297,{"date":197,"score":179,"percentile":198},"2025-11-15",0.8429,{"date":200,"score":179,"percentile":201},"2025-11-16",0.84291,{"date":203,"score":204,"percentile":205},"2025-11-17",0.02668,0.85276,{"date":207,"score":208,"percentile":209},"2025-11-18",0.05236,0.88944,{"date":211,"score":208,"percentile":212},"2025-11-19",0.88948,{"date":214,"score":208,"percentile":215},"2025-11-20",0.88951,{"date":217,"score":204,"percentile":218},"2025-11-21",0.85292,{"date":220,"score":204,"percentile":221},"2025-11-22",0.85289,{"date":223,"score":204,"percentile":224},"2025-11-23",0.8528,{"date":226,"score":204,"percentile":227},"2025-11-24",0.85281,{"date":229,"score":204,"percentile":230},"2025-11-25",0.85278,{"date":232,"score":204,"percentile":227},"2025-11-26",{"date":234,"score":204,"percentile":235},"2025-11-27",0.85282,{"date":237,"score":204,"percentile":238},"2025-11-28",0.85263,{"date":240,"score":204,"percentile":241},"2025-11-29",0.85308,{"date":243,"score":204,"percentile":241},"2025-11-30",{"date":245,"score":204,"percentile":246},"2025-12-01",0.85368,{"date":248,"score":204,"percentile":249},"2025-12-02",0.85373,{"date":251,"score":204,"percentile":249},"2025-12-03",{"date":253,"score":204,"percentile":254},"2025-12-04",0.85309,{"date":256,"score":204,"percentile":257},"2025-12-05",0.85313,{"date":259,"score":204,"percentile":260},"2025-12-06",0.8531,{"date":262,"score":204,"percentile":263},"2025-12-07",0.85297,{"date":265,"score":204,"percentile":266},"2025-12-08",0.85298,{"date":268,"score":204,"percentile":269},"2025-12-09",0.85306,{"date":271,"score":204,"percentile":272},"2025-12-10",0.85328,{"date":274,"score":204,"percentile":275},"2025-12-11",0.85335,{"date":277,"score":204,"percentile":278},"2025-12-12",0.85339,{"date":280,"score":281,"percentile":282},"2025-12-13",0.01381,0.79792,{"date":284,"score":281,"percentile":285},"2025-12-14",0.79794,{"date":287,"score":281,"percentile":282},"2025-12-15",{"date":289,"score":281,"percentile":290},"2025-12-16",0.79801,{"date":292,"score":281,"percentile":293},"2025-12-17",0.79812,{"date":295,"score":296,"percentile":297},"2025-12-18",0.02537,0.85008,{"date":299,"score":296,"percentile":300},"2025-12-19",0.85012,{"date":302,"score":296,"percentile":303},"2025-12-20",0.85001,{"date":305,"score":296,"percentile":306},"2025-12-21",0.85009,{"date":308,"score":296,"percentile":309},"2025-12-22",0.8501,{"date":311,"score":296,"percentile":312},"2025-12-23",0.85017,{"date":314,"score":296,"percentile":315},"2025-12-24",0.85022,{"date":317,"score":296,"percentile":318},"2025-12-25",0.85038,{"date":320,"score":321,"percentile":322},"2025-12-26",0.03142,0.86479,{"date":324,"score":325,"percentile":326},"2025-12-27",0.04132,0.88333,{"date":328,"score":325,"percentile":329},"2025-12-28",0.88286,{"date":331,"score":325,"percentile":332},"2025-12-29",0.88281,{"date":334,"score":325,"percentile":335},"2025-12-30",0.88289,{"date":337,"score":325,"percentile":338},"2025-12-31",0.88299,{"date":340,"score":325,"percentile":341},"2026-01-01",0.88359,{"date":343,"score":325,"percentile":344},"2026-01-02",0.88354,{"date":346,"score":325,"percentile":347},"2026-01-03",0.8835,{"date":349,"score":325,"percentile":335},"2026-01-04",{"date":351,"score":352,"percentile":353},"2026-01-05",0.04674,0.88977,{"date":355,"score":352,"percentile":356},"2026-01-06",0.88981,{"date":358,"score":352,"percentile":359},"2026-01-07",0.88983,{"date":361,"score":352,"percentile":362},"2026-01-08",0.8899,{"date":364,"score":365,"percentile":366},"2026-01-09",0.04045,0.88172,{"date":368,"score":365,"percentile":369},"2026-01-10",0.88173,{"date":371,"score":365,"percentile":372},"2026-01-11",0.88167,{"date":374,"score":365,"percentile":375},"2026-01-12",0.88165,{"date":377,"score":378,"percentile":379},"2026-01-13",0.03775,0.87698,{"date":381,"score":378,"percentile":382},"2026-01-14",0.87712,{"date":384,"score":378,"percentile":385},"2026-01-15",0.87713,{"date":387,"score":378,"percentile":388},"2026-01-16",0.87718,{"date":390,"score":378,"percentile":391},"2026-01-17",0.8772,{"date":393,"score":394,"percentile":395},"2026-01-18",0.0514,0.89554,{"date":397,"score":394,"percentile":398},"2026-01-19",0.89552,{"date":400,"score":401,"percentile":402},"2026-01-20",0.04365,0.88618,{"date":404,"score":401,"percentile":405},"2026-01-21",0.88624,{"date":407,"score":378,"percentile":408},"2026-01-22",0.87725,{"date":410,"score":378,"percentile":411},"2026-01-23",0.87737,{"date":413,"score":414,"percentile":415},"2026-01-24",0.03714,0.87649,{"date":417,"score":418,"percentile":419},"2026-01-25",0.04381,0.88668,{"date":421,"score":414,"percentile":422},"2026-01-26",0.87643,{"date":424,"score":414,"percentile":425},"2026-01-27",0.87645,{"date":427,"score":414,"percentile":428},"2026-01-28",0.87648,{"date":430,"score":414,"percentile":431},"2026-01-29",0.87652,{"date":433,"score":414,"percentile":434},"2026-01-30",0.87653,{"date":436,"score":414,"percentile":415},"2026-01-31",{"date":438,"score":378,"percentile":439},"2026-02-01",0.87811,[441,446,448],{"source":97,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":443,"vectorString":98,"impactScore":444,"exploitabilityScore":445},"HIGH",7.8,7.2,{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":447,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":443,"vectorString":98,"impactScore":444,"exploitabilityScore":445},{"source":115,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":449,"cvss_v4_0":9},{"baseScore":95,"baseSeverity":9,"vectorString":98,"impactScore":444,"exploitabilityScore":445},[451,466],{"ecosystem":452,"name":453,"vendor":454,"product":455,"cpe_part":9,"purl_type":456,"purl_namespace":454,"purl_name":455,"source":9,"versions":457},"Go","github.com/grafana/grafana","github.com/grafana","grafana","golang",[458,464],{"version":459,"is_range":460,"range_type":461,"version_start":9,"version_start_type":9,"version_end":462,"version_end_type":463,"fixed_in":9},"lt1_9_2_0_20250521205822_0ba0b99665a9",true,"semver","1.9.2-0.20250521205822-0ba0b99665a9","excluding",{"version":465,"is_range":460,"range_type":461,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":9,"name":455,"vendor":455,"product":455,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":468},"a",[469,474,478,482,486],{"version":470,"is_range":460,"range_type":97,"version_start":471,"version_start_type":472,"version_end":473,"version_end_type":463,"fixed_in":9},">= 12.0.x, \u003C 12.0.2+security-01","12.0.x","including","12.0.2+security-01",{"version":475,"is_range":460,"range_type":97,"version_start":476,"version_start_type":472,"version_end":477,"version_end_type":463,"fixed_in":9},">= 11.6.x, \u003C 11.6.3+security-01","11.6.x","11.6.3+security-01",{"version":479,"is_range":460,"range_type":97,"version_start":480,"version_start_type":472,"version_end":481,"version_end_type":463,"fixed_in":9},">= 11.5.x, \u003C 11.5.6+security-01","11.5.x","11.5.6+security-01",{"version":483,"is_range":460,"range_type":97,"version_start":484,"version_start_type":472,"version_end":485,"version_end_type":463,"fixed_in":9},">= 11.4.x, \u003C 11.4.6+security-01","11.4.x","11.4.6+security-01",{"version":487,"is_range":460,"range_type":97,"version_start":488,"version_start_type":472,"version_end":489,"version_end_type":463,"fixed_in":9},">= 11.3.x, \u003C 11.3.8+security-01","11.3.x","11.3.8+security-01"]