CVE-2022-43720: Apache Superset: Improper rendering of user input

[Daniel Gaspar <dpgaspar () apache org>]

Severity: low

Description:

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not 
get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue 
affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Credit:

Positive Technologies (finder)

References:

https://superset.apache.org
https://www.cve.org/CVERecord?id=CVE-2022-43720