CVE-2021-32609
- Source
- https://cve.org/CVERecord?id=CVE-2021-32609
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32609.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-32609
- Aliases
- Published
- 2021-10-18T15:15:07.653Z
- Modified
- 2026-05-06T12:22:08.077370Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
- References
Affected packages
Git / github.com/apache/superset
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/superset
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "1.1" } ] }
Affected versions
0.*
0.10.0
0.11.0
0.12.0
0.13.1
0.13.2
0.14.1
0.15.0
0.15.1
0.15.3
0.15.4
0.15.4.1
0.16.0
0.16.1
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.18.2
0.18.3
0.18.4
0.18.5
0.19.1
0.2.1
0.20.1
0.25-fork
0.29.0rc1
0.4.0
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.7.0
0.8.0
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.8.9
0.9.0
0.9.1
1.*
1.1.0
1.1.0rc1
1.1.0rc2
2020.*
2020.51.1
airbnb_prod.*
airbnb_prod.0.10.0.2
airbnb_prod.0.11.0.1
airbnb_prod.0.11.0.2
airbnb_prod.0.11.0.3
airbnb_prod.0.11.0.4
airbnb_prod.0.11.0.5
airbnb_prod.0.11.0.6
airbnb_prod.0.12.0.1
airbnb_prod.0.12.1.0
airbnb_prod.0.13.0.0
airbnb_prod.0.13.0.1
airbnb_prod.0.13.0.2
airbnb_prod.0.13.0.3
airbnb_prod.0.15.0.1
airbnb_prod.0.15.4.1
airbnb_prod.0.15.4.2
airbnb_prod.0.15.5.0
Other
dummy
rm
test_tag
v2020.*
v2020.51.0
v2021.*
v2021.3.0
v2021.5.0
v2021.5.1
v2021.6.0
v2021.7.0
v2021.8.0
v2021.9.0