Arnaud Pascal

**Name of the Vulnerable Software and Affected Versions** Azure Monitor (affected versions not specified) **Description** The software contains a flaw due to improper neutralization of input during web page generation, which can lead to cross-site scripting. An authorized attacker can exploit this to perform spoofing over a network. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Superset versions up to and including 2.1.0 **Description** The issue is related to an incorrect authorization check in SQLLab, allowing an authenticated user to query tables they do not have proper access to. This can be exploited by leveraging a SQL parsing vulnerability. **Recommendations** For Apache Superset versions up to and including 2.1.0, update to a version later than 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to SQLLab or limiting the privileges of authenticated users to minimize the risk of exploitation.