2 matches found
CVE-2021-27907
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
CVE-2021-27907
CVE-2021-27907 affects Apache Superset up to version 0.38.0. A vulnerability exists where a Markdown component on a Dashboard page can be abused to inject JavaScript that is executed in the context of a user’s browser (Stored XSS). The underlying issue is the ability to create a div containing an...