CVE-2021-32609

Severity
5.4 MEDIUM
EPSS
3.9%
top 11.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 18
Latest update: May 24

Description

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (including scripts) into the page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (3 packages)

PyPI: apache-superset < 1.2.0
CVEListV5: apache_software_foundation/apache_superset unspecified 1.1

Vulnerability Details (4)
OSV
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page (2022-05-24)
GHSA
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page (2022-05-24)
CVEList
XSS vulnerability on Explore page (2021-10-18)
OSV
CVE-2021-32609: Apache Superset up to and including 1 (2021-10-18)