Apache Superset vulnerable to Cross-site Scripting
Moderate severity
GitHub Reviewed
Published
Jan 16, 2023
to the GitHub Advisory Database
•
Updated Jan 24, 2023
Description
Published by the National Vulnerability Database
Jan 16, 2023
Published to the GitHub Advisory Database
Jan 16, 2023
Reviewed
Jan 20, 2023
Last updated
Jan 24, 2023
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
References