2 matches found
PT-2023-14667
Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0 Description The system allowed an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint when the feature flag DASHBOARD CACHE was...
GHSA-JJMG-XMQ2-G6FF Magento 2 Community Edition XSS Vulnerability
A stored cross-site scripting XSS vulnerability exists in in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to the wysiwyg editor can abuse the blockDirective function and inject malicious javascript ...