Lucene search
China National Vulnerability DatabaseCNVD-2022-09242HistoryJun 29, 2021 - 12:00 a.m.
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-09242)
2021-06-2900:00:00
China National Vulnerability Database
www.cnvd.org.cn
17
apache airflow
cross-site scripting
scalability
dynamic monitoring
user input
origin parameter
html
script code
apache foundation
EPSS
0.002
Percentile
57.7%
Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. A cross-site scripting vulnerability exists in Apache Airflow, which is characterized by scalability and dynamic monitoring. The vulnerability stems from a program that does not properly filter user input in the “origin” parameter. An attacker could use this vulnerability to trick a victim into clicking on a specially crafted link and executing arbitrary HTML and script code in the user’s browser.
Related
veracode
veracode
Cross-Site Scripting (XSS)
2021-05-03 04:59:04
github
github
Cross-site Scripting in Apache Airflow
2021-06-18 18:43:42
cvelist
cvelist
CVE-2021-28359 Apache Airflow Reflected XSS via Origin Query Argument in URL
2021-05-02 07:55:12
osv
osv
PYSEC-2021-4
2021-05-02 08:15:00
Cross-site Scripting in Apache Airflow
2021-06-18 18:43:42
CVE-2021-28359
2021-05-02 08:15:06
prion
prion
Design/Logic Flaw
2021-05-02 08:15:00
nvd
nvd
CVE-2021-28359
2021-05-02 08:15:06
cve
cve
CVE-2021-28359
2021-05-02 08:15:06
fortinet
fortinet
Multiple vulnerabilities in Apache Airflow
2022-06-07 00:00:00