Apache Airflow is an open source platform for creating, managing, and monitoring workflows from the Apache Foundation. A cross-site scripting vulnerability exists in Apache Airflow, which is characterized by scalability and dynamic monitoring. The vulnerability stems from a program that does not properly filter user input in the “origin” parameter. An attacker could use this vulnerability to trick a victim into clicking on a specially crafted link and executing arbitrary HTML and script code in the user’s browser.