CVE-2021-27907

CVE-2021-27907

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart’s related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user’s browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “divâ€� section and embedding in it a “svgâ€� element with javascript code.

Source: CVE-2021-27907

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다