CVE-2021-32609

CVE-2021-32609: XSS vulnerability on Explore page

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-79 · XSS

Published October 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.

Key dates

02Disclosure timeline

October 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-32609

Related vulnerabilities

04Related CVE

CVE-2023-27455 WordPress Update Image Tag Alt Attribute Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) CVE-2024-1196 SourceCodester Testimonial Page Manager HTTP POST Request add-testimonial.php cross site scripting CVE-2026-2288 myLinksDump <= 1.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'link_title' Parameter CVE-2022-38754 CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS) CVE-2025-32785 Pi-hole Admin Interface vulnerable to persistent XSS on Subscribed lists group management (Adress Field)