CVE-2020-9485Cross-site Scripting in Apache Airflow

CWE-79Cross-site Scripting5 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
2.1%
top 15.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache AirflowApache Software Foundation Apache Airflow
Timeline
PublishedJul 17
Latest updateJul 27

Description

An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the "classic" UI.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5apache_software_foundation/apache_airflow1.10.10 and below
NVDapache/airflow1.10.10

🔴Vulnerability Details

4
GHSA
Stored XSS in Apache Airflow2020-07-27
OSV
Stored XSS in Apache Airflow2020-07-27
OSV
CVE-2020-9485: An issue was found in Apache Airflow versions 12020-07-17
CVEList
CVE-2020-9485: An issue was found in Apache Airflow versions 12020-07-16
CVE-2020-9485 — Cross-site Scripting in Apache Airflow | cvebase