Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/08/16 1:28 p.m.9 views

CVE-2025-55672

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6AI score0.00662EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/14 3:30 p.m.14 views

Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS6AI score0.00662EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/08/14 2:15 p.m.7 views

CVE-2025-55672

A stored Cross-Site Scripting XSS vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they...

5.4CVSS0.00662EPSS
Exploits0References2
CVE
CVE
added 2025/08/14 1:17 p.m.48 views

CVE-2025-55672

Summary: Apache Superset has a stored XSS in the chart visualization. An authenticated user with chart-edit permissions can inject a payload into a column label, which is executed in victims’ browsers on hover. This affects versions before 5.0.0 and can lead to session hijacking or arbitrary comm...

5.4CVSS6AI score0.00662EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder