CVE-2022-43718

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-43718

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-43718.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-43718

Aliases

GHSA-79x5-cv79-49rj

Published

2023-01-16T11:15:10Z

Modified

2024-09-02T21:36:41Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

References

https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r

Affected packages

Git / github.com/apache/superset

Affected ranges

Type: GIT
Repo: https://github.com/apache/superset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

067495d954ee0015d35c1437245feb66984e4c49

Last affected

0c05300ce51b721e88870565833f72a3337cc300

Last affected

edbbf886af53009676a1fae32fc024efa2d68534