oss-sec mailing list archives
CVE-2021-32609: Apache Superset: XSS vulnerability on Explore page
From: Daniel Gaspar <dpgaspar () apache org>
Date: Fri, 15 Oct 2021 13:02:54 +0000
Description: Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (including scripts) into the page.

Credit: Apache Superset team would like to thank Oscar Arnflo for reporting this issue.