Lucene search
ApacheCVELIST:CVE-2021-32609HistoryOct 18, 2021 - 2:30 p.m.
CVE-2021-32609 XSS vulnerability on Explore page
2021-10-1814:30:12
CWE-79
apache
www.cve.org
2
cve-2021-32609
xss
explore page
apache superset
EPSS
0.001
Percentile
40.5%
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
CNA Affected
[
{
"product": "Apache Superset",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "1.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cve
cve
CVE-2021-32609
2021-10-18 15:15:07
cnvd
cnvd
Apache Superset Cross-Site Scripting Vulnerability
2021-10-19 00:00:00
osv
osv
CVE-2021-32609
2021-10-18 15:15:07
PYSEC-2021-377
2021-10-18 15:15:00
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page
2022-05-24 19:17:47
prion
prion
Design/Logic Flaw
2021-10-18 15:15:00
nvd
nvd
CVE-2021-32609
2021-10-18 15:15:07
github
github
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page
2022-05-24 19:17:47