GO-2026-5381
Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus
Details
Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display in github.com/prometheus/prometheus
Affected packages
Go / github.com/prometheus/prometheus
Introduced in: 0
Fixed in: 0.311.3
Fix:
go get github.com/prometheus/prometheus@v0.311.3