25 matches found
EUVD-2025-203011
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...
CVE-2025-13972 WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handlebigobjectdownloadrequest function. This makes it possible for...
PT-2025-50839
The WatchTowerHQ plugin for WordPress is vulnerable to arbitrary file read via the 'wht_download_big_object_origin' parameter in all versions up to, and including, 3.15.0. This is due to insufficient path validation in the handle big object download request function. This makes it possible for...
CVE-2022-43982
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...
CVE-2021-28359
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...
PYSEC-2022-42970
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...
PT-2022-27052 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.4.2 Description: The issue concerns an XSS attack via the origin query argument in the "Trigger DAG with config" screen. Recommendations: For versions prior to 2.4.2, update to version 2.4.2 or later to...
Apache Airflow Cross-Site Scripting Vulnerability
Apache Airflow is a community-created platform for programmatically authoring, scheduling, and monitoring workflows. A cross-site scripting vulnerability exists in versions of Apache Airflow prior to 2.4.2. The vulnerability is related to the affected version not properly filtering user input. Th...
Heap overflow
The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-18262)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from a cross-site scripting vulnerability that stems from...
PYSEC-2022-29
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument. This issue affects Apache Airflow versions 2.2.3 and below...
Apache Airflow Cross-Site Scripting Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow suffers from a cross-site scripting vulnerability that stems from...
Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2022-09242)
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. A cross-site scripting vulnerability exists in Apache Airflow. The vulnerability...
GHSA-3XXV-P78R-4FC6 Cross-site Scripting in Apache Airflow
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...
Apache Airflow Cross-site Scripting
In Apache Airflow 1.10.12, the origin parameter passed to some of the endpoints like /trigger and was vulnerable to an XSS exploit...
PYSEC-2021-4
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...
PYSEC-2020-21
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...
PT-2020-15030 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.15 Description: The issue is related to an XSS exploit through the origin parameter passed to certain endpoints, such as '/trigger'. Recommendations: For versions prior to 1.10.15, update to version 1.10....
Apache Airflow Cross-Site Scripting Vulnerability
Apache Airflow is an open source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow has a cross-site scripting vulnerability that stems from...