2 matches found
CVE-2022-43720
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions an...
CVE-2022-43720
CVE-2022-43720 affects Apache Superset (notified in multiple sources). An authenticated attacker with write permissions on CSS templates can create a record containing specific HTML tags that are not properly escaped by the toast message shown when deleting that CSS template, enabling HTML/Script...