CVE-2021-27907

Apache Superset stored XSS on Dashboard markdown

  • Severity Score (CVSS v3.1): 5.4
  • Exploit Likelihood (EPSS)
  • Affected Versions (CPE)
  • Public Exploits (Multiple Sources): 0
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing a chart's related information. By abusing this functionality, a malicious user could inject JavaScript code that executes unwanted actions in the context of the user's browser. The JavaScript code is executed automatically (Stored XSS) when a legitimate user visits the dashboard page. The vulnerability is exploitable by creating a “div” section and embedding in it an “svg” element with JavaScript code.

*Credits: This issue was reported by Gianluca Veltri and Dario Castrogiovanni of Cuebiq

CVSS Scores

CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: None
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-03-02 CVE Reserved
  • 2021-03-05 CVE Published
  • 2024-01-26 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
  • Vendor: Apache
  • Product: Superset
  • Version: <= 0.38.0
  • Other: -
  • Status: Affected