Home > Vulnerability Database > CVE-2024-27083

Mend.io Vulnerability Database

CVE-2024-27083

Good to know:

Date: February 28, 2024

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

Language: Python

Severity Score

4.3

Related Resources (4)

Url: https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27083

Url: https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84

Url: https://www.mend.io/vulnerability-database/CVE-2024-27083

Severity Score

4.3

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version Flask-AppBuilder - 4.2.1

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27083

Good to know:

Date: February 28, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?