Stored Cross Site Scripting (XSS)

2024-01-2407:38:22

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

stored cross site scripting

apache_superset

vulnerability

authenticated attacker

create permission

update permission

charts

dashboards

malicious script

html snippet

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

AI Score

5.9

Confidence

High

EPSS

Percentile

10.7%

JSON

apache_superset is vulnerable to Stored Cross Site Scripting (XSS). An authenticated attacker with create or update permissions on charts or dashboards could store a malicious script or add a specific HTML snippet, resulting in Stored Cross Site Scripting (XSS).