
13 matches found

RedhatCVE
added 2026/06/05 7:50 p.m. · 7 views

CVE-2026-7305

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

CVSS 6.5 · AI score 6.2 · EPSS 0.00209
Exploits 0 · References 1

NVD
added 2026/05/27 6:16 p.m. · 12 views

CVE-2026-45718

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

CVSS 5.4 · EPSS 0.00146
Exploits 0 · References 2

ATTACKERKB
added 2026/05/27 5:7 p.m. · 7 views

CVE-2026-45718

Budibase is an open-source low-code platform. Prior to 3.38.1, the row action trigger endpoint POST /api/tables/:sourceId/actions/:actionId/trigger fails to validate that the user-supplied rowId is within the scope of the view's row filters. A user with access to a filtered view can trigger row...

CVSS 5.4 · AI score 5.8 · EPSS 0.00146
Exploits 0 · References 3 · Affected Software 1

ATTACKERKB
added 2026/04/28 7:15 p.m. · 2 views

CVE-2026-7305

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

CVSS 6.5 · AI score 6.1 · EPSS 0.00209
Exploits 0 · References 6 · Affected Software 1

Cvelist
added 2026/04/28 7:15 p.m. · 27 views

CVE-2026-7305 Xuxueli xxl-job trigger Endpoint XxlJobServiceImpl.java triggerJob server-side request forgery

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component trigger Endpoint. This manipulation of the argument addressList causes...

CVSS 6.5 · EPSS 0.00209
Exploits 0 · References 6

CVE
added 2026/04/28 7:15 p.m. · 34 views

CVE-2026-7305

CVE-2026-7305 affects Xuxueli xxl-job up to 3.3.2, specifically the triggerJob function in XxlJobServiceImpl.java (trigger Endpoint). The issue arises from manipulating the argument addressList, leading to server-side request forgery (SSRF). It can be triggered remotely, and a public exploit repo...

CVSS 6.5 · AI score 6.3 · EPSS 0.00209
Exploits 0 · References 6

OSV
added 2021/05/02 8:15 a.m. · 2 views

PYSEC-2021-4

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions 1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fi...

CVSS 6.1 · AI score 6.9 · EPSS 0.14389
Exploits 0 · References 3

PyPA
added 2020/12/11 2:15 p.m. · 4 views

PYSEC-2020-21

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

CVSS 6.1 · AI score 6.3 · EPSS 0.25076
Exploits 0 · References 10 · Affected Software 1

OSV
added 2020/12/11 2:15 p.m. · 1 views

PYSEC-2020-21

The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely...

CVSS 6.1 · AI score 6.7 · EPSS 0.16028
Exploits 0 · References 10

Positive Technologies
added 2020/12/11 12:0 a.m. · 4 views

PT-2020-15030 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.15 Description: The issue is related to an XSS exploit through the origin parameter passed to certain endpoints, such as '/trigger'. Recommendations: For versions prior to 1.10.15, update to version 1.10....

CVSS 6.1 · AI score 6.1 · EPSS 0.16028
Exploits 0 · References 42

Veracode
added 2020/09/18 5:26 a.m. · 24 views

Cross-Site Scripting (XSS)

apacheairflow is vulnerable to Cross-Site Scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the origin parameter that is passed to the /trigger endpoint...

CVSS 6.1 · AI score 3.9 · EPSS 0.25076
Exploits 0 · References 16 · Affected Software 1

PyPA
added 2020/09/17 2:15 p.m. · 5 views

PYSEC-2020-19

In Apache Airflow 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit...

CVSS 6.1 · AI score 6.4 · EPSS 0.25076
Exploits 0 · References 10 · Affected Software 1

Positive Technologies
added 2020/09/17 12:0 a.m. · 1 views

PT-2020-13795 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 1.10.12 Description: The issue concerns a XSS exploit in Apache Airflow. The origin parameter passed to certain endpoints, such as /trigger, is vulnerable to this exploit. Recommendations: For versions prior t...

CVSS 6.1 · AI score 6 · EPSS 0.25076
Exploits 0 · References 35