Volerion logoVolerion
Volerion logoVolerion

Apache Superset Stored Cross-Site Scripting Vulnerability in Chart Visualization

Vulnerability

A stored Cross-Site Scripting vulnerability has been identified in Apache Superset's chart visualization component, affecting versions prior to 5.0.0. This vulnerability allows authenticated users with permission to edit charts to inject malicious payloads into column labels. The injected payloads are executed in the browsers of users who hover over the charts, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.

Impact

Exploitation of this vulnerability allows for stored Cross-Site Scripting, where injected scripts are executed in the context of the user viewing the chart. This could result in session hijacking or unauthorized command execution on behalf of the user.

Remediation

Users are advised to upgrade to Apache Superset version 5.0.0 or later, which addresses this vulnerability.

Added: Aug 14, 2025, 3:16 PM
Updated: Aug 14, 2025, 3:16 PM

Vulnerability Rating

Custom Algorithm
spread
1.9
impact
5.4
exploitability
5.0
remediation
7.7
relevance
0.3
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.