SICK Incoming Goods Suite Grafana XSS Vulnerability via Open Redirect

Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in the SICK Incoming Goods Suite, specifically within the Grafana component used for log management. The vulnerability arises from a combination of client-side path traversal and an open redirect, which together allow an attacker to redirect users to a site hosting a frontend plugin that executes arbitrary JavaScript. The issue does not require editor permissions and can be exploited when anonymous access is enabled. Additionally, if the Grafana Image Renderer plugin is installed, the open redirect can be leveraged for full-read server-side request forgery (SSRF). The default Content-Security-Policy shipped with Grafana blocks the XSS, except for what the 'connect-src' directive permits.

Impact

Successful exploitation results in cross-site scripting: the injected JavaScript executes in the context of the victim user's browser session.

Remediation

Users are strongly advised to upgrade to the latest release of SICK Incoming Goods Suite (version 1.2.1 or higher).

Added: Jan 15, 2026, 2:39 PM
Updated: Jan 15, 2026, 2:39 PM

Vulnerability Rating

Custom Algorithm

spread: 6.2
impact: 0.6
exploitability: 7.1
remediation: 7.9
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.