CVE-2022-43717

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43717

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43717.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-43717

Aliases

Published

2023-01-16T11:15:10Z

Modified

2025-04-04T14:15:19Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

067495d954ee0015d35c1437245feb66984e4c49

Last affected

0c05300ce51b721e88870565833f72a3337cc300

Last affected

edbbf886af53009676a1fae32fc024efa2d68534