History: Jan 16, 2023 - 10:10 a.m.

CVE-2022-43720 Apache Superset: Improper rendering of user input

2023-01-16 10:10:41
CWE-74
apache
www.cve.org
apache superset
vulnerability
rendering

EPSS: 0.001 Low

Percentile: 35.0%

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Superset",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.5.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
