PYSEC-2023-264
Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG.This Javascript can be executed on the client side of any of the user who looks at the tasks in the...