Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Affected Packages

PyPI apache-superset

Affected versions: 0 (last affected: 1.5.2)

PyPI apache-superset

Related CVEs

CVE-2022-43718

Key Information

GHSA ID

GHSA-79x5-cv79-49rj

Published

January 16, 2023 12:30 PM

Last Modified

April 7, 2025 7:52 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-superset

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 12, 2025 6:34 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.