216 matches found
Cross site scripting
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
Flask-AppBuilder Security Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.3.11 that originates when Flask AppBuilder is set to AUTHTYPE AUTHOID, which allows an attacker to spoof an HTTP request to spoof the back-end OpenID...
Flask-AppBuilder Cross-Site Scripting Vulnerability
Flask-AppBuilder is a simple and fast application development framework. A security vulnerability exists in Flask-AppBuilder versions prior to 4.1.4 through 4.2.1, which stems from a cross-site scripting XSS vulnerability in the OAuth login page...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.11.0rc1) +147 more potentially affected by CVE-2024-25128 via flask-appbuilder (>=1.10.0 <=4.3.10)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.1, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.4 and more Source cves: CVE-2024-25128 Source advisory: OSV:GHSA-J2PW-VP55-FQQJ...
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...
GHSA-J2PW-VP55-FQQJ Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Impact When Flask-AppBuilder is set to AUTHTYPE AUTHOID, allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the...
GHSA-FQXJ-46WG-9V84 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Impact A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. Impacte...
airflow-clickhouse-plugin (>=0.9.0 <=0.10.1), airflow-provider-ibm-db2 (=0.1.2) +10 more potentially affected by CVE-2024-27083 via flask-appbuilder (=4.1.4)
flask-appbuilder PYPI version =4.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on flask-appbuilder and may be impacted: - airflow-clickhouse-plugin =0.9.0, =2.4.2, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.2.0, =0.2.1 Source cves:...
CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
CVE-2024-27083
CVE-2024-27083 affects Flask-AppBuilder. An XSS on the OAuth login page was introduced in 4.1.4 and fixed in 4.2.1. Impact is on the OAuth login flow where crafted URLs can execute JavaScript in the user’s browser. Affected versions: 4.1.4 through 4.2.0; remediation: upgrade to 4.2.1 or newer. Ex...
CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
CVE-2024-27083 Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute...
CVE-2024-27083
Removed by vendor...
CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
CVE-2024-25128
Flask-AppBuilder (FAB) is affected when AUTH_TYPE is set to AUTH_OID. The vulnerability allows forging an HTTP request to trick the backend into using an attacker-controlled OpenID service, potentially granting unauthorized privilege access. The issue is exploitable with OpenID 2.0 and is mitigat...
CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
CVE-2024-25128 Flask-AppBuilder incorrect authentication when using auth type OpenID
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTHTYPE AUTHOID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker...
CVE-2024-25128
Removed by vendor...
PT-2024-20767
Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions prior to 4.3.11 Description The issue allows an attacker to forge an HTTP request, deceiving the backend into using any requested OpenID service when Flask-AppBuilder is set to AUTH TYPE AUTH OID. This could grant an...
PT-2024-21635
Name of the Vulnerable Software and Affected Versions Flask-AppBuilder versions 4.1.4 through 4.2.0 Description A Cross-Site Scripting XSS vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page, whic...