Source: cvelist (Apache), CVELIST:CVE-2022-43718
History: Jan 16, 2023 - 10:10 a.m.

CVE-2022-43718 Apache Superset: Cross-Site Scripting vulnerability on upload forms

2023-01-16 10:10:04
CWE-79
apache
www.cve.org
apache superset
xss
vulnerability
cve-2022-43718
upload forms
cross-site scripting
authenticated users
database connection.

EPSS: 0.001 (Low), Percentile: 32.8%

Upload data forms do not correctly render user input, leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Superset",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.5.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
