CVE-2022-43720
published 2023-01-16
medium 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | superset | <= 1.5.2 | — |
| apache | superset | — | — |
| apache_software_foundation | apache_superset | <= 1.5.2 | — |
| apache_software_foundation | apache_superset | >= 2.0.0 < 2.0.1 | 2.0.1 |