Description
Apache Superset vulnerable to Injection
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Packages
Name: apache-superset (pip)
Affected versions: <= 1.5.2
Fixed version: None

Name: apache-superset (pip)
Affected versions: = 2.0.0
Fixed version: None
Related vulnerabilities
CVSS3: 5.4
nvd
about 3 years ago
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.