Lucene search

Veracode Vulnerability DatabaseVERACODE:45148

HistoryJan 24, 2024 - 7:38 a.m.

Stored Cross Site Scripting (XSS)

2024-01-2407:38:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

stored cross site scripting

apache_superset

vulnerability

authenticated attacker

create permission

update permission

charts

dashboards

malicious script

html snippet

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.1%

JSON

apache_superset is vulnerable to Stored Cross Site Scripting (XSS). An authenticated attacker with create or update permissions on charts or dashboards could store a malicious script or add a specific HTML snippet, resulting in Stored Cross Site Scripting (XSS).

CPENameOperatorVersion
apache-supersetle3.0.2
apache-supersetle3.0.2

CPE	Name	Operator	Version
	apache-superset	le	3.0.2
	apache-superset	le	3.0.2

References

www.openwall.com/lists/oss-security/2024/01/23/5

github.com/advisories/GHSA-rwhh-6x83-84v6

github.com/apache/superset/commit/ec20c0104e6913cd9b2ab8bacae22eb25ae4cce1

github.com/apache/superset/pull/21822

lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.1%

JSON

Related for VERACODE:45148