Cross-Site Scripting (XSS)

apacheairflow is vulnerable to cross-site scripting. The vulnerability is due to the origin query argument in the getsafeurl function of views.py which allows an attacker to inject and execute arbitrary scripts...