Apache Superset is a data visualization and data exploration platform from the Apache (USA) Foundation. A cross-site scripting vulnerability exists in Apache Superset versions prior to 2.1.2, which stems from the presence of incorrect payload validation and incorrect REST API response type issues. An authenticated attacker could use this vulnerability to store malicious code into Chart’s metadata, which could be executed if a user specifically accesses a specific deprecated API endpoint.