Stored XSS in dataset settings
Information
- Advisory ID: DSA-2022-008
- CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVSS Base Score: 8.8 (High)
- CWE classification: CWE-79
Summary
Insufficient input sanitization could lead to a stored XSS in the “Preview” table of dataset settings
Affected Products
Dataiku DSS in versions before 10.0.8
Mitigation
Dataiku DSS 10.0.8 has been made available to customers to remediate this issue