exploitDog

CVE-2024-27083

Опубликовано: 29 фев. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 4.3

Описание

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

Ссылки на источники

EPSS

Процентиль: 70%

0.00629

Низкий

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2024-27083

CVSS3: 4.3

nvd

почти 2 года назад

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

CVE-2024-27083

CVSS3: 4.3

debian

почти 2 года назад

Flask-AppBuilder is an application development framework, built on top ...

GHSA-fqxj-46wg-9v84

CVSS3: 4.3

github

почти 2 года назад

Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)

EPSS

Процентиль: 70%

0.00629

Низкий

4.3 Medium

CVSS3