CVE-2022-43720

MEDIUM Year: 2022
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-74
View all →

Vulnerability Description

An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.

Related Vulnerabilities

CVE-2013-4318

MEDIUM
CVSS:5.4(Medium)

File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory.

CWE-742013

CVE-2016-5013

MEDIUM
CVSS:5.4(Medium)

In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

CWE-742016

CVE-2017-1115

MEDIUM
CVSS:5.4(Medium)

IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the securit...

CWE-742017

CVE-2017-1202

MEDIUM
CVSS:5.4(Medium)

IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's ...

CWE-742017

CVE-2018-1549

MEDIUM
CVSS:5.4(Medium)

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL t...

CWE-742018

CVE-2018-1896

MEDIUM
CVSS:5.4(Medium)

IBM Connections 5.0, 5.5, and 6.0 is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. IBM X-Force ID: 152456.

CWE-742018