Home > Vulnerability Database > CVE-2022-43718

Mend.io Vulnerability Database

CVE-2022-43718

Good to know:

Date: January 16, 2023

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Language: Python

Severity Score

5.4

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-43718

Url: https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r

Url: https://github.com/apache/superset

Url: https://www.mend.io/vulnerability-database/CVE-2022-43718

Severity Score

5.4

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-43718

Good to know:

Date: January 16, 2023

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?