Lucene search
K

27 matches found

OSV
OSV
added 2021/03/05 12:15 p.m.26 views

PYSEC-2021-127

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

5.4CVSS1.2AI score0.85966EPSS
Exploits0References3
Prion
Prion
added 2021/03/05 12:15 p.m.34 views

Cross site scripting

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The...

3.5CVSS5.5AI score0.85966EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2021/03/05 12:0 a.m.1 views

PT-2021-17661 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions up to and including 0.38.0 Description: The issue allows a malicious user to inject javascript code, executing unwanted actions in the context of the user's browser, by creating a Markdown component on a Dashboard pag...

5.5CVSS6.4AI score0.85966EPSS
Exploits0References14
Hacker One
Hacker One
added 2020/09/16 1:19 a.m.27 views

HackerOne: Stored Cross-Site Scripting vulnerability in example Custom Digital Agreement

The advanced vetting settings page is vulnerable to a Cross-Site Scripting XSS vulnerability by passing the unsanitized Program Name into a Markdown component, which expects sanitized HTML to be given. This leads to a stored XSS vulnerability that can be exploited by a program member when the...

0.1AI score
Exploits0
OSV
OSV
added 2018/12/22 12:29 a.m.6 views

CVE-2018-20351

The Markdown component in Evernote Chinese before 8.3.2 on macOS allows stored XSS, aka MAC-832...

6.1CVSS5.8AI score0.00647EPSS
Exploits0References1
NVD
NVD
added 2018/12/22 12:29 a.m.18 views

CVE-2018-20351

The Markdown component in Evernote Chinese before 8.3.2 on macOS allows stored XSS, aka MAC-832...

6.1CVSS6.1AI score0.00647EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/12/22 12:0 a.m.18 views

CVE-2018-20351

The Markdown component in Evernote Chinese before 8.3.2 on macOS allows stored XSS, aka MAC-832...

6.1AI score0.00647EPSS
Exploits0References1
Rows per page
Query Builder