Moderate severityNVD Advisory· Published Jan 16, 2023· Updated Apr 4, 2025
Apache Superset: Cross-Site Scripting on dashboards
CVE-2022-43717
Description
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-supersetPyPI | <= 1.5.2 | — |
Affected products
3- osv-coords2 versions
< 1.5.3+ 1 more
- (no CPE)range: < 1.5.3
- (no CPE)range: <= 1.5.2
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-9f88-wg5r-947jghsaADVISORY
- lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9plghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-43717ghsaADVISORY
News mentions
0No linked articles in our index yet.