{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:27:55.551","vulnerabilities":[{"cve":{"id":"CVE-2022-43720","sourceIdentifier":"security@apache.org","published":"2023-01-16T11:15:10.587","lastModified":"2025-04-07T15:15:41.140","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.\n"},{"lang":"es","value":"Un atacante autenticado con permisos de escritura de plantillas CSS puede crear un registro con etiquetas HTML específicas que no se escaparán correctamente en el mensaje del sistema que se muestra cuando un usuario elimina ese registro de plantilla CSS específico. Este problema afecta a Apache Superset versión 1.5.2 y versiones anteriores y a la versión 2.0.0."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.5}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:*:*:*:*:*:*:*:*","versionEndIncluding":"1.5.2","matchCriteriaId":"CD514249-ED9E-45F1-9D50-4A7CE6DB166B"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:2.0.0:-:*:*:*:*:*:*","matchCriteriaId":"35CD3C6F-B3E0-437C-A1D7-EF700C76923C"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:2.0.0:rc1:*:*:*:*:*:*","matchCriteriaId":"ADD3485B-3FFC-4B60-89F5-E4ECA0C680B6"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:superset:2.0.0:rc2:*:*:*:*:*:*","matchCriteriaId":"BC060A49-79ED-4539-9E68-EDB15D7F2445"}]}]}],"references":[{"url":"https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Vendor Advisory"]}]}}]}