CVE-2021-32609
Published 2021-10-18
Severity: medium, 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (including scripts) into the page.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | <= 1.1 | — |
| apache_software_foundation | apache_superset | unspecified – 1.1 | — |