CVE-2022-43717

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
1.3%
top 19.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Software Foundation Apache SupersetApache Superset
Timeline
PublishedJan 16

Description

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5apache_software_foundation/apache_superset2.0.02.0.1+1
NVDapache/superset1.5.2+1
PyPIapache-superset1.5.2

🔴Vulnerability Details

3
CVEList
Apache Superset: Cross-Site Scripting on dashboards2023-01-16
OSV
Apache Superset vulnerable to Cross-site Scripting2023-01-16
GHSA
Apache Superset vulnerable to Cross-site Scripting2023-01-16
CVE-2022-43717 (MEDIUM CVSS 5.4) | Dashboard rendering does not suffic | cvebase.io