Page 10 of 47 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. El parámetro "origin" pasado a algunos de los endpoints como "/trigger" era vulnerable a una explotación de XSS. Este problema afecta a Apache Airflow versiones anteriores a 1.10.13. • http://www.openwall.com/lists/oss-security/2020/12/11/2 http://www.openwall.com/lists/oss-security/2021/05/01/2 https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0

In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. En Apache Airflow versiones anteriores a 1.10.12, el parámetro "origin" pasado a algunos de los endpoints como "/trigger" era vulnerable a una explotación de un XSS • http://www.openwall.com/lists/oss-security/2020/12/11/2 http://www.openwall.com/lists/oss-security/2021/05/01/2 https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cannounce.apache.org%3E https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cdev.airflow.apache.org%3E https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a%40%3Cusers.airflow.apache.org%3E https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •