CVE-2022-43720

CVSS V2 None CVSS V3 None
Description
An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
Overview
  • CVE ID
  • CVE-2022-43720
  • Assigner
  • security@apache.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-16T11:15:10
  • Last Modified Date
  • 2023-01-24T15:58:15
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:* 1 OR 1.5.2
cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:* 1 OR
History
Created Old Value New Value Data Type Notes
2023-01-16 12:14:45 Added to TrackCVE
2023-01-16 12:14:46 Weakness Enumeration new
2023-01-17 14:15:06 2023-01-17T13:24:44 CVE Modified Date updated
2023-01-17 14:15:06 Received Awaiting Analysis Vulnerability Status updated
2023-01-23 15:14:02 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-24 16:14:29 2023-01-24T15:58:15 CVE Modified Date updated
2023-01-24 16:14:29 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-24 16:14:32 Weakness Enumeration update
2023-01-24 16:14:34 CPE Information updated