Author
Bruno Abrantes
Word count
547
Language
English

Summary

Grafana has released versions 11.1.4, 11.0.3, and 10.4.7 to address a medium-severity cross-site scripting (XSS) vulnerability, CVE-2024-6837, in its Swagger API documentation. The vulnerability affects Grafana OSS and Enterprise versions 10.4.0 through 11.1.3 and allows an attacker to inject arbitrary HTML content into the Swagger page, which could be used to steal session cookies or to interact with the Grafana API on behalf of a logged-in user. Grafana Cloud has already been patched, and cloud providers such as Amazon and Azure have been notified so that their hosted offerings can be secured. Users are advised to upgrade to a patched version and to implement a Content Security Policy to reduce the impact of this and similar injection issues. The vulnerability was introduced in January 2024, reported in July 2024 through Grafana's Security Bounty program, and fixed in a change that was merged and publicly released by mid-August 2024. Grafana Labs asks that security issues be reported via its dedicated security page and maintains a blog for security updates and announcements.