11 matches found
CVE-2026-47383 NocoDB: Stored Cross-Site Scripting via Row Comments
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, an authenticated commenter could store HTML in row comments that executed as script when other users hovered over the comment in the expanded form view. The comment write paths persisted the raw comment body with no...
PT-2025-52315
Name of the Vulnerable Software and Affected Versions Cameleon CMS version 2.7.4 Description The application contains a persistent cross-site scripting issue. Authenticated administrators can inject malicious scripts into post titles. An attacker can create posts with embedded SVG scripts that...
BIT-SUPERSET-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
GHSA-FJ97-2V9X-W5M4 Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...
CVE-2025-55672
Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...
CVE-2025-55672 Apache Superset: Stored XSS on charts metadata
A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...