Lucene search
Veracode Vulnerability DatabaseVERACODE:45701HistoryFeb 29, 2024 - 8:03 a.m.
Cross Site Scripting (XSS)
2024-02-2908:03:51
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
cross-site scripting
xss
vulnerability
flask-appbuilder
oauth
javascript
Flask-AppBuilder is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by insufficient sanitization of user-provided data in the handling of URLs within the OAuth login page, allowing an attacker inject and execute malicious JavaScript code in the user’s browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| flask-appbuilder | le | 4.2.1rc1 | |
| flask-appbuilder | le | 4.2.1rc1 |
Related
cve
cve
CVE-2024-27083
2024-02-29 01:44:19
osv
osv
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
2024-02-28 18:37:01
CVE-2024-27083
2024-02-29 01:44:19
github
github
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
2024-02-28 18:37:01
gitlab
gitlab
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
2024-02-28 00:00:00
debiancve
debiancve
CVE-2024-27083
2024-02-29 01:44:19
prion
prion
Cross site scripting
2024-02-29 01:44:00
cvelist
cvelist