Lucene search
+L

7 matches found

osv
osv
added 2025/08/18 8:13 a.m.6 views

BIT-SUPERSET-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6AI score0.00662EPSS
Exploits0References3
osv
osv
added 2025/04/22 2:8 p.m.7 views

SUSE-SU-2025:20196-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates - Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: chec...

9.1CVSS6.7AI score0.03153EPSS
Exploits4References11
suse
suse
added 2025/04/22 1:48 p.m.7 views

Security update for helm

This update for helm fixes the following issues: Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: check...

8.2CVSS7.4AI score0.03153EPSS
Exploits4References20
osv
osv
added 2023/11/27 12:30 p.m.12 views

GHSA-WQ8Q-99P5-XFRW Apache Superset Cross-site Scripting vulnerability

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

4.3CVSS5.4AI score0.01004EPSS
Exploits0References5
github
github
added 2023/11/27 12:30 p.m.31 views

Apache Superset Cross-site Scripting vulnerability

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

5.4CVSS7.1AI score0.01004EPSS
Exploits0References5Affected Software1
cnnvd
cnnvd
added 2023/11/27 12:0 a.m.4 views

Apache Superset 跨站脚本漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...

5.4CVSS6.2AI score0.01004EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/11/27 12:0 a.m.9 views

PT-2023-28919

Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 2.1.2 Description The issue is caused by improper payload validation and an improper REST API response type. This allows an authenticated malicious actor to store malicious code into Chart's metadata. The code...

5.4CVSS6.2AI score0.01004EPSS
Exploits0References14
Rows per page
Query Builder