Lucene search
Veracode Vulnerability DatabaseVERACODE:38904HistoryJan 18, 2023 - 2:55 a.m.
Cross-site Scripting (XSS)
2023-01-1802:55:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
apache_superset
cross-site scripting
xss
markdown
javascript
dashboard
vulnerability
EPSS
0.001
Percentile
32.6%
apache_superset is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not sufficiently sanitize the content of markdown components, which allows an attacker with dashboard “create” permissions to inject and execute malicious JavaScript due to the dashboard rendering mechanism failing to sanitize markdown.
Related
cvelist
cvelist
CVE-2022-43717 Apache Superset: Cross-Site Scripting on dashboards
2023-01-16 10:08:04
cve
cve
CVE-2022-43717
2023-01-16 11:15:10
osv
osv
CVE-2022-43717
2023-01-16 11:15:10
Apache Superset vulnerable to Cross-site Scripting
2023-01-16 12:30:18
nvd
nvd
CVE-2022-43717
2023-01-16 11:15:10
prion
prion
Design/Logic Flaw
2023-01-16 11:15:00
cnvd
cnvd
Apache Superset Cross-Site Scripting Vulnerability (CNVD-2023-05220)
2023-01-18 00:00:00
github
github
Apache Superset vulnerable to Cross-site Scripting
2023-01-16 12:30:18