HTML Injection Vulnerability in Apache Superset

HTML Injection Vulnerability in Apache Superset

CVE-2022-43720 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Learn more about our Cis Benchmark Audit For Apache Http Server.