PT-2024-1499 · Apache · Apache Superset

Amit Laish

Published 2024-01-23 · Updated 2025-02-05

CVE-2023-49657

CVSS v3.1: 9.6 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 3.0.3

Description: A stored cross-site scripting (XSS) vulnerability exists in Apache Superset. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that is later rendered for other users as a stored XSS. This could allow a remote attacker to conduct cross-site scripting attacks in the context of the viewing user's session.

Recommendations: For versions prior to 3.0.3, update to version 3.0.3 or later to resolve the issue. For 2.X versions, users should change their configuration to include the specified TALISMAN_CONFIG settings to mitigate the risk.
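As an added illustration of the configuration mitigation above (example settings written for this page, not the advisory's or the Superset project's own code), a weak Talisman setup sits beside a hardened one that sends a restrictive Content-Security-Policy; the directive values and the csp_blocks_inline_scripts helper are assumptions for this example, and the exact settings to apply come from the upstream advisory.

```python
# Added example, not from the advisory or the Superset project: the shape of the
# Flask-Talisman settings Superset reads from superset_config.py, with a weak
# configuration beside a hardened one. The CSP directive values are illustrative
# assumptions; take the exact settings from the upstream advisory.

# Weak: Talisman disabled and the policy explicitly set to None, so no
# Content-Security-Policy header is sent and HTML stored in a chart or
# dashboard executes with the viewing user's session.
WEAK_TALISMAN_ENABLED = False
WEAK_TALISMAN_CONFIG = {"content_security_policy": None, "force_https": True}

# Hardened: Talisman on, scripts limited to same-origin sources plus a
# per-response nonce, so an injected inline <script> is refused by the browser.
TALISMAN_ENABLED = True
TALISMAN_CONFIG = {
    "content_security_policy": {
        "default-src": ["'self'"],
        "img-src": ["'self'", "data:", "blob:"],
        "worker-src": ["'self'", "blob:"],
        "connect-src": ["'self'"],
        "object-src": "'none'",
        "style-src": ["'self'", "'unsafe-inline'"],
        "script-src": ["'self'", "'strict-dynamic'"],
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https": False,  # assumption: TLS is terminated by a reverse proxy
}


def csp_blocks_inline_scripts(enabled: bool, config: dict) -> bool:
    """Hypothetical review helper (not a Superset API): True when these
    settings would send a CSP whose effective script-src excludes
    'unsafe-inline' and wildcards. A missing or None policy is conservatively
    treated as not restrictive (Talisman sends no header for None)."""
    if not enabled:
        return False
    csp = config.get("content_security_policy")
    if not csp:
        return False
    sources = csp.get("script-src", csp.get("default-src"))
    if not sources:
        return False
    if isinstance(sources, str):
        sources = sources.split()
    allowed = set(sources)
    return "'unsafe-inline'" not in allowed and "*" not in allowed
```

Running the helper over a deployment's superset_config.py values is a quick way to confirm the CSP part of the mitigation is actually in effect before relying on it.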

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2024-01007
BIT-SUPERSET-2023-49657
CVE-2023-49657
GHSA-RWHH-6X83-84V6

Affected Products

Apache Superset