PT-2021-19806 · Apache · Apache Superset
Oscar Arnflo · Published 2021-10-18 · Updated 2025-02-05 · CVE-2021-32609
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Superset versions up to and including 1.1
Description
Because titles on the Explore page are not sanitized correctly, an attacker with Explore access can save a chart with a malicious title, injecting HTML (including scripts) into the page.
Recommendations
For Apache Superset versions up to and including 1.1, update to a version that correctly sanitizes titles to prevent HTML injection.
Fix
XSS
Affected Products
Apache Superset