
Apache Superset Stored XSS on Dashboard markdown

Moderate severity GitHub Reviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Aug 31, 2023

Package

apache-superset (pip)

Affected versions

<= 0.38.0

Patched versions

0.38.1

Description

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart-related information. By abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the victim's browser. The JavaScript code is executed automatically (stored XSS) when a legitimate user visits the dashboard page. The vulnerability is exploitable by creating a “div” section and embedding in it an “svg” element containing JavaScript code.
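The general mitigation for this class of bug is to rebuild the HTML that a markdown component produces from an allowlist of elements and attributes before it reaches the DOM, rather than trying to blocklist known-bad markup. The sanitizer below is an added example written for this advisory; it is not code from Apache Superset, and the page does not describe how the 0.38.1 fix was implemented. The allowlists, the `sanitize_html` function name and the sample input are all constructed for the example; it uses only the Python standard library.

```python
"""Allowlist HTML sanitizer for user-supplied dashboard markdown.

Added example (not code from the advisory or from the Apache Superset
project): it rebuilds the HTML produced by a markdown renderer from an
allowlist of elements and attributes, so script-bearing elements such as
an <svg> nested inside a <div>, inline event handlers and javascript: URLs
are removed before the fragment is inserted into the page.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements a dashboard note legitimately needs; anything else is unwrapped
# (the tag is dropped, its text is kept). Assumed allowlist for the example.
ALLOWED_TAGS = {
    "p", "div", "span", "br", "hr", "strong", "em", "b", "i", "code", "pre",
    "blockquote", "ul", "ol", "li", "a", "img", "h1", "h2", "h3", "h4", "h5",
    "h6", "table", "thead", "tbody", "tr", "th", "td",
}
# Per-element attribute allowlist: no on* handlers, no style, no class.
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
# Elements whose entire subtree is discarded, text included.
DROP_CONTENT_TAGS = {
    "script", "style", "svg", "math", "iframe", "object", "embed",
    "template", "noscript", "foreignobject",
}
VOID_TAGS = {"br", "hr", "img"}
# "" covers relative URLs; javascript:, data: and vbscript: are rejected.
SAFE_URL_SCHEMES = {"http", "https", "mailto", ""}


def _safe_url(value: str) -> bool:
    """Accept only http(s), mailto or relative URLs.

    Control characters and whitespace are removed before parsing because
    browsers ignore them inside a scheme (e.g. 'java<TAB>script:').
    """
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20 and ch != "\x7f")
    try:
        scheme = urlparse(cleaned).scheme
    except ValueError:
        return False
    return scheme.lower() in SAFE_URL_SCHEMES


def _pop_to(stack: list, tag: str) -> list:
    """Pop entries up to and including the innermost `tag`; return them."""
    popped = []
    while stack:
        popped.append(stack.pop())
        if popped[-1] == tag:
            break
    return popped


class _Sanitizer(HTMLParser):
    """Re-emits only allowlisted markup; everything else is stripped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []     # sanitized output fragments
        self._open = []   # allowed elements currently open
        self._drop = []   # dropped elements currently open (subtree skipped)

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT_TAGS:
            self._drop.append(tag)
            return
        if self._drop or tag not in ALLOWED_TAGS:
            return  # inside a dropped subtree, or unknown tag: strip the tag
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            value = value or ""
            if name in ("href", "src") and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self._open.append(tag)

    def handle_endtag(self, tag):
        if self._drop:
            if tag in self._drop:
                _pop_to(self._drop, tag)
            return
        if tag in self._open:
            for closed in _pop_to(self._open, tag):
                self.out.append(f"</{closed}>")

    def handle_data(self, data):
        if not self._drop:
            self.out.append(escape(data, quote=False))

    # Comments, doctypes and processing instructions are silently dropped.

    def close(self):
        super().close()
        while self._open:  # close anything the author left open
            self.out.append(f"</{self._open.pop()}>")


def sanitize_html(fragment: str) -> str:
    """Return `fragment` rebuilt from the allowlists above."""
    parser = _Sanitizer()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample in the shape the advisory describes: a div holding
    # an svg element with a script attribute, next to legitimate content.
    sample = ('<div><p>Revenue notes</p>'
              '<svg onload="run()"><text>x</text></svg></div>')
    print(sanitize_html(sample))  # <div><p>Revenue notes</p></div>
```

The two design points worth noting: the parser rebuilds output rather than editing the input string, so malformed or unbalanced markup cannot smuggle anything past it (unclosed elements are closed, stray close tags are ignored), and URL attributes are checked on a normalised copy with whitespace and control characters removed, because browsers tolerate those inside a scheme.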

References

Published by the National Vulnerability Database Mar 5, 2021
Published to the GitHub Advisory Database May 24, 2022
Reviewed Jun 22, 2022
Last updated Aug 31, 2023

Severity

Moderate (5.4 / 10)

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Weaknesses

CVE ID

CVE-2021-27907

GHSA ID

GHSA-w358-rj93-r5qv

Source code
