EPSS
Percentile
47.8%
apache superset is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript code in a user’s browser by creating a div section embedded with a malicious svg element.
div
svg
lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E
lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a@%3Cdev.superset.apache.org%3E