Moderate severityNVD Advisory· Published Jan 16, 2023· Updated Apr 7, 2025

Apache Superset: Cross-Site Scripting vulnerability on upload forms

CVE-2022-43718

Description

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
apache-supersetPyPI	<= 1.5.2	—

Affected products

osv-coords2 versions
pkg:bitnami/superset pkg:pypi/apache-superset
< 1.5.3+ 1 more
- (no CPE)range: < 1.5.3
- (no CPE)range: <= 1.5.2
Apache/Supersetcpe-rescue
Range: 2.0.0

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-79x5-cv79-49rjghsaADVISORY
lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2rghsavendor-advisoryWEB
nvd.nist.gov/vuln/detail/CVE-2022-43718ghsaADVISORY

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000