漏洞标题
Apache superset:仪表板标题和图表标题中的存储式XSS
漏洞描述信息
Apache Superset的存储式跨站点脚本(XSS)漏洞在3.0.3版之前存在。一个已验证的攻击者,他们有 charts或 dashboards 的 create/update 权限,可以在上面存储一个脚本或添加一个特定的HTML代码片段,作为一个存储的XSS。
对于2.x版本的用户,他们应该改变其配置来包括以下内容:
TALISMAN_CONFIG = {
"content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"],
"connect-src": [
"'self'",
" https://api.mapbox.com" https://api.mapbox.com" ;,
" https://events.mapbox.com" https://events.mapbox.com" ;,
],
"object-src": "'none'",
"style-src": [
"'self'",
"'unsafe-inline'",
],
"script-src": ["'self'", "'strict-dynamic'"],
},
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
"session_cookie_secure": False,
}
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Apache Superset: Stored XSS in Dashboard Title and Chart Title
漏洞描述信息
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.
For 2.X versions, users should change their config to include:
TALISMAN_CONFIG = {
"content_security_policy": {
"base-uri": ["'self'"],
"default-src": ["'self'"],
"img-src": ["'self'", "blob:", "data:"],
"worker-src": ["'self'", "blob:"],
"connect-src": [
"'self'",
" https://api.mapbox.com" https://api.mapbox.com" ;,
" https://events.mapbox.com" https://events.mapbox.com" ;,
],
"object-src": "'none'",
"style-src": [
"'self'",
"'unsafe-inline'",
],
"script-src": ["'self'", "'strict-dynamic'"],
},
"content_security_policy_nonce_in": ["script-src"],
"force_https": False,
"session_cookie_secure": False,
}
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
漏洞类别
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
漏洞标题
Apache Superset 跨站脚本漏洞
漏洞描述信息
Apache Superset是美国阿帕奇(Apache)基金会的一个数据可视化和数据探索平台。 Apache Superset 3.0.3及之前版本存在跨站脚本漏洞,该漏洞源于存在存储型跨站脚本(XSS)漏洞,经过身份验证的攻击者可以存储脚本或添加特定HTML片段。
CVSS信息
N/A
漏洞类别
跨站脚本