Grafana: Reflected XSS via Path Traversal and Open Redirect Leading to SSRF
by the Hossted team
22.05.2025

In Grafana versions from 10.4.18+security-01 before 10.4.19, from 11.2.9+security-01 before 11.2.10, from 11.3.6+security-01 before 11.3.7, from 11.4.4+security-01 before 11.4.5, from 11.5.4+security-01 before 11.5.5, from 11.6.1+security-01 before 11.6.2 and from 12.0.0+security-01 before 12.0.1, a high severity vulnerability, CVE-2025-4123, was detected. The vulnerability lets an attacker redirect users to a malicious site that executes JavaScript, without needing editor rights, and can lead to SSRF when the Image Renderer plugin is in use. To address this issue, users should upgrade Grafana to versions 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01 and 12.0.0+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4123.
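As an added defender-side check (not code from the advisory or from Grafana), the following Python compares a deployed Grafana version against the fixed versions named above. It assumes Grafana's MAJOR.MINOR.PATCH[+security-NN] numbering, in which the +security suffix orders after the plain release (so 10.4.18 is older than 10.4.18+security-01), unlike plain semver build metadata; release lines the advisory does not list are reported separately rather than assumed safe.

```python
import re
from typing import Optional, Tuple

# Fixed versions named in the advisory above, one per release line.
FIXED_VERSIONS = [
    "10.4.18+security-01",
    "11.2.9+security-01",
    "11.3.6+security-01",
    "11.4.4+security-01",
    "11.5.4+security-01",
    "11.6.1+security-01",
    "12.0.0+security-01",
]

# MAJOR.MINOR.PATCH with an optional Grafana "+security-NN" suffix (assumed scheme).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\+security-(\d+))?$")


def parse_version(v: str) -> Tuple[int, int, int, int]:
    """Parse a Grafana version into a comparable tuple.
    A plain release gets security level 0 so it sorts before its +security build."""
    m = _VERSION_RE.match(v.strip())
    if not m:
        raise ValueError(f"unrecognised Grafana version: {v!r}")
    major, minor, patch, sec = m.groups()
    return (int(major), int(minor), int(patch), int(sec or 0))


def fixed_version_for_line(major: int, minor: int) -> Optional[str]:
    """Return the advisory's fixed version on the same MAJOR.MINOR line, if any."""
    for fv in FIXED_VERSIONS:
        fmaj, fmin, _, _ = parse_version(fv)
        if (fmaj, fmin) == (major, minor):
            return fv
    return None


def assess(deployed: str) -> str:
    """Classify a deployed version: 'patched', 'upgrade', or 'no-fix-listed'.
    'no-fix-listed' means the release line is not covered by this advisory and
    must be reviewed separately (it is not a statement that it is safe)."""
    d = parse_version(deployed)
    fv = fixed_version_for_line(d[0], d[1])
    if fv is None:
        return "no-fix-listed"
    return "patched" if d >= parse_version(fv) else "upgrade"


if __name__ == "__main__":
    for v in ("10.4.18", "10.4.18+security-01", "12.0.1", "11.1.0"):
        print(v, "->", assess(v))
```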