XSS in Apache Software Foundation Superset

CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unw…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.864 (99.7th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Superset — versions Apache Superset

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c187… (x_refsource_MISC)