Stored XSS in dataset settings¶
Information¶
Advisory ID: DSA-2022-008
CVSS String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Base Score: 8.8 (High)
CWE classification: CWE-79
Summary¶
Insufficient input sanitization could lead to a stored XSS in the “Preview” table of dataset settings
Affected Products¶
Dataiku DSS in versions before 10.0.8
Mitigation¶
Dataiku DSS 10.0.8 has been made available to customers to remediate this issue