BIT-SUPERSET-2025-55672 Apache Superset: Stored XSS on charts metadata

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

SUSE-SU-2025:20196-1 Security update for helm

This update for helm fixes the following issues: - Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates - Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: chec...

Security update for helm

This update for helm fixes the following issues: Update to version 3.17.2 bsc1238688, CVE-2025-22870: Updating to 0.37.0 for x/net builddeps: bump the k8s-io group with 7 updates Update to version 3.17.1: merge null child chart objects builddeps: bump the k8s-io group with 7 updates fix: check...

Apache Superset Cross-site Scripting vulnerability

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

GHSA-WQ8Q-99P5-XFRW Apache Superset Cross-site Scripting vulnerability

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

PT-2023-28919 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 2.1.2 Description: The issue is caused by improper payload validation and an improper REST API response type. This allows an authenticated malicious actor to store malicious code into Chart's metadata. The co...

Apache Superset 跨站脚本漏洞

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. ...