CVE-2022-43717

Description

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Related CPE's

aapachesuperset********

aapachesuperset2.0.0rc1******

aapachesuperset2.0.0rc2******

aapachesuperset2.0.0-******

References

https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl

Mailing ListVendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

Could not find any metrics
Created by Yello
About Severity.io