Lucene search
K

216 matches found

Prion
Prion
added 2024/02/29 1:44 a.m.24 views

Cross site scripting

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

4.3CVSS6.3AI score0.00567EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.6 views

Flask-AppBuilder Security Vulnerability

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.11 that originates when Flask AppBuilder is set to AUTHTYPE AUTHOID, which allows an attacker to spoof an HTTP request to spoof the back-end OpenID...

9.1CVSS6.7AI score0.00857EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.17 views

Flask-AppBuilder Cross-Site Scripting Vulnerability

Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.1.4 through 4.2.1, which stems from a cross-site scripting XSS vulnerability in the OAuth login page...

6.1CVSS5.8AI score0.00567EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2024/02/28 6:37 p.m.5 views

abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +147 more potentially affected by CVE-2024-25128 via flask-appbuilder (>=1.10.0 <=4.3.10)

flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.4 and more Source cves: CVE-2024-25128 Source advisory: OSV:GHSA-J2PW-VP55-FQQJ...

9.1CVSS7.2AI score0.00857EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/02/28 6:37 p.m.31 views

Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

9.1CVSS7AI score0.00857EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/02/28 6:37 p.m.33 views

GHSA-J2PW-VP55-FQQJ Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID

Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...

9.1CVSS5.9AI score0.00857EPSS
Exploits0References4
OSV
OSV
added 2024/02/28 6:37 p.m.21 views

GHSA-FQXJ-46WG-9V84 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Impact A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. Impacte...

4.3CVSS5.1AI score0.00567EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2024/02/28 6:37 p.m.3 views

airflow-clickhouse-plugin (>=0.9.0 <=0.10.1), airflow-provider-ibm-db2 (=0.1.2) +10 more potentially affected by CVE-2024-27083 via flask-appbuilder (=4.1.4)

flask-appbuilder PYPI version =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on flask-appbuilder and may be impacted: - airflow-clickhouse-plugin =0.9.0, =2.4.2, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves:...

6.1CVSS6AI score0.00567EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2024/02/28 3:34 p.m.11 views

CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

4.3CVSS4.5AI score0.00567EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 3:34 p.m.152 views

CVE-2024-27083

CVE-2024-27083 affects Flask-AppBuilder. An XSS on the OAuth login page was introduced in 4.1.4 and fixed in 4.2.1. Impact is on the OAuth login flow where crafted URLs can execute JavaScript in the user’s browser. Affected versions: 4.1.4 through 4.2.0; remediation: upgrade to 4.2.1 or newer. Ex...

6.1CVSS4.3AI score0.00567EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/02/28 3:34 p.m.48 views

CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

4.3CVSS5.2AI score0.00567EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/02/28 3:34 p.m.40 views

CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...

4.3CVSS4.7AI score0.00567EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/02/28 3:34 p.m.30 views

CVE-2024-27083

Removed by vendor...

6.1CVSS5.6AI score0.00567EPSS
Exploits0
Cvelist
Cvelist
added 2024/02/28 3:30 p.m.40 views

CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

9.1CVSS9.3AI score0.00857EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 3:30 p.m.161 views

CVE-2024-25128

Flask-AppBuilder (FAB) is affected when AUTH_TYPE is set to AUTH_OID. The vulnerability allows forging an HTTP request to trick the backend into using an attacker-controlled OpenID service, potentially granting unauthorized privilege access. The issue is exploitable with OpenID 2.0 and is mitigat...

9.1CVSS9AI score0.00857EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/28 3:30 p.m.19 views

CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

9.1CVSS6.7AI score0.00857EPSS
Exploits0References2
OSV
OSV
added 2024/02/28 3:30 p.m.27 views

CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID

Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...

9.1CVSS8.9AI score0.00857EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2024/02/28 3:30 p.m.18 views

CVE-2024-25128

Removed by vendor...

9.1CVSS9.2AI score0.00857EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.10 views

PT-2024-20767

Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions prior to 4.3.11 Description The issue allows an attacker to forge an HTTP request, deceiving the backend into using any requested OpenID service when Flask-AppBuilder is set to AUTH TYPE AUTH OID. This could grant an...

9.1CVSS8.2AI score0.00857EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.3 views

PT-2024-21635

Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions 4.1.4 through 4.2.0 Description A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page, whic...

6.1CVSS6.2AI score0.00567EPSS
Exploits0References13
Rows per page
Query Builder