Lucene search
GoogleOSV:GHSA-F8VC-F28W-X9C9HistoryMay 24, 2022 - 7:17 p.m.
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page
2022-05-2419:17:47
Google
osv.dev
9
apache
superset
vulnerability
explore
page
attacker
html
scripts
software
EPSS
0.001
Percentile
40.5%
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
References
github.com/advisories/GHSA-f8vc-f28w-x9c9
github.com/apache/superset
github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-377.yaml
lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2021-32609
Related
cnvd
cnvd
Apache Superset Cross-Site Scripting Vulnerability
2021-10-19 00:00:00
osv
osv
CVE-2021-32609
2021-10-18 15:15:07
PYSEC-2021-377
2021-10-18 15:15:00
cve
cve
CVE-2021-32609
2021-10-18 15:15:07
prion
prion
Design/Logic Flaw
2021-10-18 15:15:00
nvd
nvd
CVE-2021-32609
2021-10-18 15:15:07
cvelist
cvelist
CVE-2021-32609 XSS vulnerability on Explore page
2021-10-18 14:30:12
github
github
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page
2022-05-24 19:17:47