{"uuid": "f2fccf14-696e-4675-a43c-7a7ae6f42b60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-27907", "type": "seen", "source": "https://t.me/cibsecurity/24515", "content": "\u203c CVE-2021-27907 \u203c\n\nApache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a \u201cdiv\u201d section and embedding in it a \u201csvg\u201d element with javascript code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-05T14:47:24.000000Z"}