CVE-2022-43982 Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL

In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the origin query argument...

PT-2022-12314 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions 2.2.3 and below Description: The "Trigger DAG with config" screen in Apache Airflow is susceptible to XSS attacks via the origin query argument. Recommendations: For Apache Airflow versions 2.2.3 and below, consider...