Flask-AppBuilder is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by insufficient sanitization of user-provided data in the handling of URLs within the OAuth login page, allowing an attacker inject and execute malicious JavaScript code in the user’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
flask-appbuilder | le | 4.2.1rc1 | |
flask-appbuilder | le | 4.2.1rc1 |