[ https://issues.apache.org/jira/browse/AIRFLOW-4110?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Harri updated AIRFLOW-4110:
---------------------------
Description:
There is an XSS issue with Search in Webserver. One can inject JavaScript into the
search functionality.
E.g. one can get a JavaScript alert window injected:
GET /airflow/admin/?search=hupqd%22%3e%3cscript%3ealert(1)%3c%2fscript%3eel10r HTTP/1.1
was:
There is an XSS issue with Search in Webserver. One can inject JavaScript into the
search functionality.
E.g. one can get a JavaScript alert window injected:
GET /dagger/admin/?search=hupqd%22%3e%3cscript%3ealert(1)%3c%2fscript%3eel10r HTTP/1.1
> XSS issue with Search in Webserver
> ----------------------------------
>
> Key: AIRFLOW-4110
> URL: https://issues.apache.org/jira/browse/AIRFLOW-4110
> Project: Apache Airflow
> Issue Type: Bug
> Components: webserver
> Affects Versions: 1.10.2
> Reporter: Harri
> Priority: Major
> Labels: Search, Security
>
> There is an XSS issue with Search in Webserver. One can inject JavaScript into the
> search functionality.
>
> E.g. one can get a JavaScript alert window injected:
> GET /airflow/admin/?search=hupqd%22%3e%3cscript%3ealert(1)%3c%2fscript%3eel10r HTTP/1.1
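Added example (not part of the original report and not Airflow's code): the request line quoted in the report, decoded and reflected into a hypothetical search-box template, once verbatim and once HTML-escaped, with a parser check showing whether a script element ends up in the page. The template and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Request line quoted in the report.
REQUEST_LINE = ("GET /airflow/admin/?search=hupqd%22%3e%3cscript%3ealert(1)"
                "%3c%2fscript%3eel10r HTTP/1.1")

# Hypothetical search-box template; an assumption, not Airflow's actual markup.
TEMPLATE = '<form><input type="text" name="search" value="{value}"></form>'


def search_param(request_line):
    """Return the URL-decoded `search` parameter from an HTTP request line."""
    _method, target, _version = request_line.split(" ", 2)
    return parse_qs(urlsplit(target).query).get("search", [""])[0]


def render_unescaped(value):
    """Vulnerable pattern: the parameter is reflected verbatim into the attribute."""
    return TEMPLATE.format(value=value)


def render_escaped(value):
    """Hardened pattern: escape &, <, > and both quote characters before reflecting."""
    return TEMPLATE.format(value=escape(value, quote=True))


class TagCollector(HTMLParser):
    """Records every start tag and the value attribute of the input element."""

    def __init__(self):
        super().__init__()
        self.tags, self.input_value = [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def parse(html):
    """Parse rendered HTML and return the collector with the tags it saw."""
    collector = TagCollector()
    collector.feed(html)
    collector.close()
    return collector
```

In the unescaped rendering the `%22%3e` prefix closes the attribute and the tag, so the parser sees a separate script element; in the escaped rendering the whole string stays inside the input's value.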