Vulnerabilities > Apache > Airflow > 1.10.14

DATE CVE VULNERABILITY TITLE RISK
2021-05-02 CVE-2021-28359 Cross-site Scripting vulnerability in Apache Airflow
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
network
low complexity
apache CWE-79
6.1
6.1
2020-12-11 CVE-2020-17515 Cross-site Scripting vulnerability in Apache Airflow
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
network
low complexity
apache CWE-79
6.1
6.1
2020-09-17 CVE-2020-13944 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
network
low complexity
apache CWE-79
6.1
6.1