apache-superset is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the Toast
function of Toast.tsx
does not properly escape the toast message when the user deletes CSS template records, allowing an attacker with write permission to CSS template to create malicious HTML tags by injecting and executing malicious JavaScript.