Posted to announce@apache.org by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:23:12 UTC
CVE-2022-43720: Apache Superset: Improper rendering of user input
Severity: low
Description:
An authenticated attacker with write permission on CSS templates can create a record containing specific HTML tags that are not properly escaped by the toast message displayed when a user deletes that CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions, and version 2.0.0.
Credit:
Positive Technologies (finder)
References:
https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-43720
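
Added example, not part of the original advisory and not Superset's own code: a delete-confirmation message built from a stored record name, first by plain concatenation and then through a tagged template that escapes every interpolated value. The function names, the message wording and the sample record name are assumptions made for illustration.

```javascript
// Constructed illustration of the bug class in the advisory; not Superset code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the stored record name is concatenated into the toast markup as-is,
// so any tags saved in the name become part of the page for whoever deletes it.
function deletedToastUnsafe(templateName) {
  return '<span>Deleted: <em>' + templateName + '</em></span>';
}

// After: a tagged template escapes every interpolated value, so only the
// literal parts written by the developer can contribute markup.
function safeHtml(strings, ...values) {
  return strings.reduce(
    (out, literal, i) => out + literal + (i < values.length ? escapeHtml(values[i]) : ''),
    ''
  );
}

function deletedToastSafe(templateName) {
  return safeHtml`<span>Deleted: <em>${templateName}</em></span>`;
}

// Review helper: names of the opening tags present in rendered output, to
// compare against the tags the message template itself is expected to emit.
function tagNames(html) {
  return [...html.matchAll(/<\s*([a-zA-Z][\w-]*)/g)].map((m) => m[1].toLowerCase());
}

// Constructed record name containing harmless markup.
const SAMPLE_NAME = '<u>dark theme</u> & more';

console.log(tagNames(deletedToastUnsafe(SAMPLE_NAME))); // includes a tag from the record name
console.log(tagNames(deletedToastSafe(SAMPLE_NAME)));   // only the template's own tags
console.log(deletedToastSafe(SAMPLE_NAME));
```

The same comparison works as a regression test: render the message with a record name that contains markup and check that the output holds only the tags the template defines.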