CVE-2023-49657: Apache Superset: Stored XSS in Dashboard Title and Chart Title

Open Source Security 

Posted by Daniel Gaspar on Jan 23

Affected versions:

– Apache Superset through 3.0.3

Description:

A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker
with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would
act as a stored XSS.

For 2.X versions, users should change their config to include:

TALISMAN_CONFIG = {
   …