GHSA-3m87-5598-2v4f

GitHub Security Advisory

Withdrawn Advisory: Prometheus XSS Vulnerability

✓ GitHub Reviewed MODERATE Withdrawn Has CVE

Advisory Details

## Withdrawn Advisory
This advisory has been withdrawn because the vulnerability does not apply to the Prometheus golang package. This link is maintained to preserve external references.

## Original Description
A stored, DOM-based cross-site scripting (XSS) flaw was found in Prometheus before version 2.7.1. An attacker could exploit this by convincing an authenticated user to visit a crafted URL on a Prometheus server, allowing for the execution and persistent storage of arbitrary scripts.

Affected Packages

Go github.com/prometheus/prometheus
Affected versions: 0 (fixed in 2.7.1)

Related CVEs

Key Information

GHSA ID: GHSA-3m87-5598-2v4f
Published: December 13, 2023 9:26 PM
Last Modified: December 18, 2023 8:53 PM
CVSS Score: 5.0/10
Primary Ecosystem: Go
Primary Package: github.com/prometheus/prometheus
GitHub Reviewed: ✓ Yes
Withdrawn: December 18, 2023 8:53 PM

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.