apache_superset is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not sufficiently sanitize the content of markdown components, which allows an attacker with dashboard “create” permissions to inject and execute malicious JavaScript due to the dashboard rendering mechanism failing to sanitize markdown.