CVE-2021-32609
pypi/apache-superset
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Apache Superset up to and including does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting HTML (including scripts) into the page.
All versions up to 1.1
Upgrade to version 1.2.0 or above.
2021-10-25