CVE-2025-47932

Combodo iTop (web-based IT service management) is affected. Affected versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when rendering dashboards via AJAX. Root cause: insufficient sanitization of the variable used during the dashboard render. The issue is addressed in vers...

PT-2025-46185

Name of the Vulnerable Software and Affected Versions Combodo iTop versions prior to 2.7.13 and 3.2.2 Description Combodo iTop, a web-based IT service management tool, is susceptible to a cross-site scripting issue when a dashboard is rendered via an AJAX call. The issue occurs when rendering a...

BIT-SUPERSET-2022-43717 Apache Superset: Cross-Site Scripting on dashboards

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

Apache Superset vulnerable to Cross-site Scripting

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

Design/Logic Flaw

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

Apache Superset 跨站脚本漏洞

A cross-site scripting vulnerability exists in Apache Superset, a data visualization and data exploration platform from the Apache Foundation. The vulnerability stems from a failure of the dashboard rendering to adequately clean up the content of the Markdown component, which could be exploited b...