CVE-2023-49657 Information

Description

A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.

For 2.X versions users should change their config to include:

TALISMAN_CONFIG =     ## Reference https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx http://www.openwall.com/lists/oss-security/2024/01/23/5