Vulnerabilities > Apache > Airflow > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-02-27 CVE-2018-20244 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
5.5
2018-08-06 CVE-2017-12614 Cross-site Scripting vulnerability in Apache Airflow
It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack.
network
low complexity
apache CWE-79
6.1