Security
Headlines

Headlines Latest CVEs

Headline

GHSA-9f88-wg5r-947j: Apache Superset vulnerable to Cross-site Scripting

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

1 year ago

#xss #apache #git #auth

Apache Superset vulnerable to Cross-site Scripting

Moderate severity GitHub Reviewed Published Jan 16, 2023 • Updated Jan 20, 2023

Related news

Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

1 year ago

#xss #apache #auth

ghsa: Latest News

GHSA-mj5r-x73q-fjw6: SPEmailHandler-PHP has Potential Abuse for Sending Arbitrary Emails

2 days ago

GHSA-jwcm-9g39-pmcw: Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts

2 days ago

GHSA-55v3-xh23-96gh: `auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace

2 days ago

GHSA-j6vm-4r7g-x4gr: Devolutions.XTS.NET Vulnerable to Timing Attack on GF Multiplications

2 days ago

GHSA-6q3q-6v5j-h6vg: Querydsl vulnerable to HQL injection trough orderBy

2 days ago