3 matches found
CVE-2023-49657
A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...
CVE-2023-49657 Apache Superset: Stored XSS in Dashboard Title and Chart Title
A stored cross-site scripting XSS vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS. For 2.X versions, users should change their...
CVE-2023-49657
Apache Superset prior to 3.0.3 is affected by a stored XSS vulnerability: an authenticated user with create/update permissions on charts or dashboards can store a script or HTML snippet that executes in the context of a page. Impact details in the connected sources align on stored XSS with potent...