Description

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Related CPE's

a

apache

superset

4

References

https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r

Mailing ListVendor Advisory

https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r

Mailing ListVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-16T11:15:10.443

2 years ago

Last modified

2025-04-07T16:15:18.047

2 months ago