Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-27083

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

Published

2024-02-29T01:44:19.387

Last Modified

2025-04-01T15:22:28.893

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	dpgaspar	flask-appbuilder	< 4.2.1	Yes

References

https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812 Patch ([email protected])
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84 Vendor Advisory ([email protected])
https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)