Lucene search
K

11 matches found

OSV
OSV
added 2026/06/23 8:15 p.m.3 views

CVE-2026-47383 NocoDB: Stored Cross-Site Scripting via Row Comments

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...

7.4CVSS6AI score0.00288EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.12 views

PT-2025-52315

Name of the Vulnerable Software and Affected Versions Cameleon CMS version 2.7.4 Description The application contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious scripts into post titles. An attacker can create posts with embedded SVG scripts that...

5.4CVSS5.9AI score0.00205EPSS
Exploits1References5
OSV
OSV
added 2025/08/18 8:13 a.m.6 views

BIT-SUPERSET-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6AI score0.00662EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/08/16 1:28 p.m.7 views

CVE-2025-55672

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6AI score0.00662EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/14 3:30 p.m.13 views

Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6AI score0.00662EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/08/14 3:30 p.m.2 views

GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.3CVSS6AI score0.00662EPSS
Exploits0References4
NVD
NVD
added 2025/08/14 2:15 p.m.7 views

CVE-2025-55672

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS0.00662EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/14 1:17 p.m.3 views

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.3CVSS6AI score0.00662EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/08/14 1:17 p.m.10 views

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.3CVSS0.00662EPSS
Exploits0References1
CVE
CVE
added 2025/08/14 1:17 p.m.45 views

CVE-2025-55672

Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...

5.4CVSS6AI score0.00662EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/08/14 1:17 p.m.7 views

CVE-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.3CVSS6.4AI score0.00662EPSS
Exploits0References4
Rows per page
Query Builder