Description

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Related CPE's

a

apache

superset

4

References

https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl

Mailing ListVendor Advisory

https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl

Mailing ListVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-16T11:15:10.370

2 years ago

Last modified

2025-04-04T14:15:19.013

2 months ago