Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS03OXg1LWN2NzktNDlyas4AAw_k

Apache Superset is vulnerable to Cross-Site Scripting (XSS)

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Permalink: https://github.com/advisories/GHSA-79x5-cv79-49rj

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 13 days ago
Updated: 5 days ago

CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-79x5-cv79-49rj, CVE-2022-43718
References:

Affected Packages

pypi:apache-superset
Versions: = 2.0.0, <= 1.5.2
No known fixed version