CVE-2022-43718

CVE-2022-43718: Apache Superset: Cross-Site Scripting vulnerability on upload forms

Vendor Apache Software Foundation

Product Apache Superset

Weakness CWE-79 · XSS

Published January 16, 2023

Last update April 7, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Key dates

Disclosure timeline

January 16, 2023 CVE published

April 7, 2025 Record updated

Identifiers

CVE CVE-2022-43718

CWE CWE-79

Affected versions

Vendor Apache Software Foundation

Product Apache Superset

Affected ≥ 2.0.0 and < 2.0.1

Vendor Apache Software Foundation

Product Apache Superset

Affected ≤ 1.5.2