Re: CVE-2023-49657: Apache Superset: Stored XSS in Dashboard Title and Chart Title

Open Source Security 

Posted by Christian Fischer on Jan 23

Hi,

it seems there is some inconsistency in the affected / fixed versions
mentioned here, in [1] as well as in the following part of the CVE entry
[2]:

> affected from 0 through 3.0.3

While [3] doesn't list this CVE yet, it seems 3.0.3 is the actual fixed
version, as [4] mentions a relevant entry around an XSS in a "Dashboard":

> #21822 fix(dashboard): Prevent XSS attack vector (@agl-developer)

which links to [5] as…