Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.12 views

CVE-2023-43701

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

5.4CVSS6.8AI score0.01004EPSS
Exploits0References1
CVE
CVE
added 2023/11/27 10:52 a.m.61 views

CVE-2023-43701

CVE-2023-43701 affects Apache Superset up to version 2.1.1, where improper payload validation and a flawed REST API response type allow an authenticated attacker to store malicious code in chart metadata. The code could execute when a user accesses a specific deprecated API endpoint. Affected ver...

5.4CVSS4.9AI score0.01004EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/27 10:52 a.m.32 views

CVE-2023-43701 Apache Superset: Stored XSS on API endpoint

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

4.3CVSS5.7AI score0.01004EPSS
Exploits0References2
OSV
OSV
added 2023/11/27 10:52 a.m.14 views

CVE-2023-43701 Apache Superset: Stored XSS on API endpoint

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache...

4.3CVSS6.2AI score0.01004EPSS
Exploits0References4
Rows per page
Query Builder