Home > Vulnerability Database > CVE-2022-43717

Mend.io Vulnerability Database

CVE-2022-43717

Good to know:

Date: January 16, 2023

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Language: Python

Severity Score

5.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-43717

Url: https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl

Url: https://github.com/apache/superset

Url: https://www.mend.io/vulnerability-database/CVE-2022-43717

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-43717

Good to know:

Date: January 16, 2023

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?