Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Advisories: GSA_kwCzR0hTQS03OXg1LWN2NzktNDlyas4AAw_k
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Permalink: https://github.com/advisories/GHSA-79x5-cv79-49rjSource: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 13 days ago
Updated: 5 days ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-79x5-cv79-49rj, CVE-2022-43718
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-43718
- https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r
- https://github.com/advisories/GHSA-79x5-cv79-49rj
Affected Packages
pypi:apache-superset
Versions: = 2.0.0, <= 1.5.2No known fixed version