Description
Dashboard rendering does not sufficiently sanitize the content of markdown components, leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Related CPEs
a / apache / superset / 4
References
https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl
Mailing List, Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
Information
Source identifier
Vulnerability status: Modified
Published: 2023-01-16T11:15:10.370
Last modified: 2025-04-04T14:15:19.013