CVE-2022-43718

Name of the Vulnerable Software and Affected Versions Apache Superset versions 1.5.2 and prior Apache Superset version 2.0.0

Description The issue arises from upload data forms not correctly rendering user input, leading to possible XSS attack vectors. These attacks can be performed by authenticated users who have permissions to update database connections.

Recommendations For Apache Superset versions 1.5.2 and prior, update to a version later than 1.5.2 to resolve the issue. For Apache Superset version 2.0.0, consider disabling upload data forms until a patch is available. Restrict access to database connection update permissions to minimize the risk of exploitation.