A flaw was found in Grafana before 5.2.0-beta1 has cross-site scripting vulnerabilities in the dashboard links when using html with XSS as a link title. References: https://github.com/grafana/grafana/pull/11813
The version of Grafana (grafana-2.0.2-3.el7ost) that is shipped in OpenStack Optools (7, 8 & 9) does not contain the vulnerable code or the feature being exploited.