Cross-Site Scripting (XSS) Vulnerability in Flask-AppBuilder OAuth Login Page
CVE-2024-27083

6.1MEDIUM

Key Information:

Vendor: Dpgaspar
Status: Flask-appbuilder
Vendor: CVE Published:; 29 February 2024

What is CVE-2024-27083?

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Flask-AppBuilder >= 4.1.4, < 4.2.1

References

https://github.com/dpgaspar/Flask-AppBuilder/security/adv...

x_refsource_CONFIRM

https://github.com/dpgaspar/Flask-AppBuilder/commit/3d177...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 29, 2024
Vulnerability Reserved
Feb 19, 2024

JSON

Dpgaspar