4 matches found
CVE-2023-43701
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...
CVE-2023-43701
CVE-2023-43701 affects Apache Superset up to version 2.1.1, where improper payload validation and a flawed REST API response type allow an authenticated attacker to store malicious code in chart metadata. The code could execute when a user accesses a specific deprecated API endpoint. Affected ver...
CVE-2023-43701 Apache Superset: Stored XSS on API endpoint
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...
CVE-2023-43701 Apache Superset: Stored XSS on API endpoint
Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...