27 matches found
PYSEC-2021-127
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
Cross site scripting
Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...
PT-2021-17661 · Apache · Apache Superset
Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 0.38.0 Description: The issue allows a malicious user to inject javascript code, executing unwanted actions in the context of the user's browser, by creating a Markdown component on a Dashboard pag...
HackerOne: Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement
The advanced vetting settings page is vulnerable to a Cross-Site Scripting XSS vulnerability by passing the unsanitized Program Name into a Markdown component, which expects sanitized HTML to be given. This leads to a stored XSS vulnerability that can be exploited by a program member when the...
CVE-2018-20351
The Markdown component in Evernote Chinese before 8.3.2 on macOS allows stored XSS, aka MAC-832...
CVE-2018-20351
The Markdown component in Evernote Chinese before 8.3.2 on macOS allows stored XSS, aka MAC-832...
CVE-2018-20351
The Markdown component in Evernote Chinese before 8.3.2 on macOS allows stored XSS, aka MAC-832...