Grafana has released version 9.4.7, along with security patch releases 8.5.22, 9.3.11, and 9.2.15, to address a stored XSS vulnerability identified as CVE-2023-1410. The vulnerability was responsibly disclosed through Grafana Labs' Bug Bounty program. It affects the FunctionDescription tooltip in Graphite data sources, which could allow attackers to execute XSS payloads. It is rated medium severity, with a CVSS v3.1 score of 5.7, and can lead to privilege escalation if an attacker gains control over a configured Graphite data source or if a Grafana admin adds a malicious one. Users are advised to upgrade their Grafana installations to mitigate the threat. Grafana Labs encourages reporting of security vulnerabilities via a designated email address and provides detailed security announcements and updates through its blog and RSS feed.
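To act on the upgrade advice, the following check compares installed Grafana versions against the four fixed releases named above; it is an added example, not code from Grafana Labs. The host names and inventory are constructed, and treating any release newer than 9.4.7 as carrying the fix is an assumption.

```python
import re

# Fixed releases named in the text above, keyed by (major, minor) release branch.
FIXED = {(8, 5): (8, 5, 22), (9, 2): (9, 2, 15), (9, 3): (9, 3, 11), (9, 4): (9, 4, 7)}
NEWEST_FIXED = max(FIXED.values())

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?")

def parse_version(text):
    """Return ((major, minor, patch), is_prerelease), or None if malformed."""
    m = VERSION_RE.fullmatch(text.strip())
    if not m:
        return None
    return (int(m[1]), int(m[2]), int(m[3])), m[4] is not None

def classify(version_text):
    """Classify one version string against the CVE-2023-1410 fixed releases.

    'needs-upgrade' means older than the fix on that branch. 'not-covered'
    means the text names no fix for that branch, so the install should move
    to one of the fixed releases.
    """
    parsed = parse_version(version_text)
    if parsed is None:
        return "unparseable"
    version, prerelease = parsed
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: releases newer than the newest fixed one include the fix.
        return "patched" if version > NEWEST_FIXED else "not-covered"
    # A pre-release build of the fixed version itself may predate the fix.
    if version > fixed or (version == fixed and not prerelease):
        return "patched"
    return "needs-upgrade"

def audit(inventory):
    """Map each host to its status and return only hosts that need action."""
    statuses = {host: classify(ver) for host, ver in inventory.items()}
    return {host: s for host, s in statuses.items() if s != "patched"}

if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {"grafana-prod": "9.4.7", "grafana-stg": "v9.3.10",
              "grafana-old": "8.5.21", "grafana-lab": "9.1.8"}
    for host, status in audit(sample).items():
        print(f"{host}: {status}")
```

Feed it the version strings your own inventory or package manager reports; any host returned by `audit` should be moved to one of the fixed releases.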