CVE-2025-2703 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-2703 Interim 1 7 2025-08-05T23:41:56Z current 2025-04-24T23:16:22Z 2025-08-05T23:41:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-2703 The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-updates/2025-June/040353.html E-Mail link for SUSE-SU-2025:01985-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040351.html E-Mail link for SUSE-SU-2025:01987-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040349.html E-Mail link for SUSE-SU-2025:01989-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040347.html E-Mail link for SUSE-SU-2025:01991-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2PKSIUOW7HIED3L6UVUD2KMZSPDHNUTO/ E-Mail link for openSUSE-SU-2025:15052-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Image SLES15-SP4-Manager-Server-4-3-BYOS Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE SUSE Linux Enterprise Module for Package Hub 15 SP6 SUSE Linux Enterprise Module for Package Hub 15 SP7 SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP5-LTSS SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 SUSE Manager Client Tools 12 SUSE Manager Client Tools 15 SUSE Manager Client Tools for SLE Micro 5 SUSE Manager Proxy Module 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.6 openSUSE Tumbleweed firewalld-prometheus-config-0.1-150000.3.62.2 golang-github-prometheus-alertmanager-0.26.0-1.31.2 golang-github-prometheus-node_exporter-1.9.1-1.36.2 golang-github-prometheus-prometheus-2.53.4-1.60.2 golang-github-prometheus-prometheus-2.53.4-150000.3.62.2 grafana-11.5.4-1.1 grafana-11.5.5-1.79.2 grafana-11.5.5-150000.1.79.1 grafana-11.5.5-150200.3.72.2 prometheus-blackbox_exporter-0.26.0-1.27.1 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 release-notes-susemanager-4.3.15.2-150400.3.133.1 release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2 release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE grafana-11.5.5-150200.3.72.2 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP6 grafana-11.5.5-150200.3.72.2 as a component of SUSE Linux Enterprise Module for Package Hub 15 SP7 golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Linux Enterprise Server 12 SP3-TERADATA golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Linux Enterprise Server 12 SP5-LTSS golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 golang-github-prometheus-alertmanager-0.26.0-1.31.2 as a component of SUSE Manager Client Tools 12 golang-github-prometheus-node_exporter-1.9.1-1.36.2 as a component of SUSE Manager Client Tools 12 golang-github-prometheus-prometheus-2.53.4-1.60.2 as a component of SUSE Manager Client Tools 12 grafana-11.5.5-1.79.2 as a component of SUSE Manager Client Tools 12 prometheus-blackbox_exporter-0.26.0-1.27.1 as a component of SUSE Manager Client Tools 12 firewalld-prometheus-config-0.1-150000.3.62.2 as a component of SUSE Manager Client Tools 15 golang-github-prometheus-prometheus-2.53.4-150000.3.62.2 as a component of SUSE Manager Client Tools 15 grafana-11.5.5-150000.1.79.1 as a component of SUSE Manager Client Tools 15 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of SUSE Manager Client Tools 15 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of SUSE Manager Client Tools for SLE Micro 5 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of SUSE Manager Proxy Module 4.3 release-notes-susemanager-4.3.15.2-150400.3.133.1 as a component of SUSE Manager Server 4.3 grafana-11.5.5-150200.3.72.2 as a component of openSUSE Leap 15.6 prometheus-blackbox_exporter-0.26.0-150000.1.27.1 as a component of openSUSE Leap 15.6 grafana-11.5.4-1.1 as a component of openSUSE Tumbleweed The built-in XY Chart plugin is vulnerable to a DOM XSS vulnerability. A user with Editor permissions is able to modify such a panel in order to make it execute arbitrary JavaScript. CVE-2025-2703 Image SLES15-SP4-Manager-Server-4-3-BYOS:release-notes-susemanager-4.3.15.2-150400.3.133.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure:release-notes-susemanager-4.3.15.2-150400.3.133.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2:release-notes-susemanager-4.3.15.2-150400.3.133.1 Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE:release-notes-susemanager-4.3.15.2-150400.3.133.1 SUSE Linux Enterprise Module for Package Hub 15 SP6:grafana-11.5.5-150200.3.72.2 SUSE Linux Enterprise Module for Package Hub 15 SP7:grafana-11.5.5-150200.3.72.2 SUSE Linux Enterprise Server 12 SP3-TERADATA:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Linux Enterprise Server 12 SP5-LTSS:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Manager Client Tools 12:golang-github-prometheus-alertmanager-0.26.0-1.31.2 SUSE Manager Client Tools 12:golang-github-prometheus-node_exporter-1.9.1-1.36.2 SUSE Manager Client Tools 12:golang-github-prometheus-prometheus-2.53.4-1.60.2 SUSE Manager Client Tools 12:grafana-11.5.5-1.79.2 SUSE Manager Client Tools 12:prometheus-blackbox_exporter-0.26.0-1.27.1 SUSE Manager Client Tools 15:firewalld-prometheus-config-0.1-150000.3.62.2 SUSE Manager Client Tools 15:golang-github-prometheus-prometheus-2.53.4-150000.3.62.2 SUSE Manager Client Tools 15:grafana-11.5.5-150000.1.79.1 SUSE Manager Client Tools 15:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 SUSE Manager Client Tools for SLE Micro 5:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 SUSE Manager Proxy Module 4.3:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 SUSE Manager Server 4.3:release-notes-susemanager-4.3.15.2-150400.3.133.1 openSUSE Leap 15.6:grafana-11.5.5-150200.3.72.2 openSUSE Leap 15.6:prometheus-blackbox_exporter-0.26.0-150000.1.27.1 openSUSE Tumbleweed:grafana-11.5.4-1.1 moderate 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L