Lucene search
China National Vulnerability DatabaseCNVD-2023-96659HistoryNov 30, 2023 - 12:00 a.m.
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-9665948)
2023-11-3000:00:00
China National Vulnerability Database
www.cnvd.org.cn
5
apache superset
data visualization
cross-site scripting
vulnerability
payload validation
rest api
deprecated api
Apache Superset is a data visualization and data exploration platform from the Apache (USA) Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. An authenticated attacker could use this vulnerability to store malicious code into Chart’s metadata, which could be executed if a user specifically accesses a specific deprecated API endpoint.
| CPE | Name | Operator | Version |
|---|---|---|---|
| apache superset | lt | 2.1.2 |
Related
github
github
Apache Superset Cross-site Scripting vulnerability
2023-11-27 12:30:55
prion
prion
Input validation
2023-11-27 11:15:00
cve
cve
CVE-2023-43701
2023-11-27 11:15:07
nvd
nvd
CVE-2023-43701
2023-11-27 11:15:07
osv
osv
Apache Superset Cross-site Scripting vulnerability
2023-11-27 12:30:55
CVE-2023-43701
2023-11-27 11:15:07
cvelist
cvelist
CVE-2023-43701 Apache Superset: Stored XSS on API endpoint
2023-11-27 10:52:09