You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@superset.apache.org by Daniel Gaspar <dp...@apache.org> on 2023/01/16 09:14:35 UTC

CVE-2022-43718: Apache Superset: Cross-Site Scripting vulnerability on upload forms

Description:

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Credit:

Positive Technologies (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-43718