[ https://issues.apache.org/jira/browse/AIRFLOW-1260?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Aizhamal Nurmamat kyzy resolved AIRFLOW-1260.
---------------------------------------------
    Resolution: Done

Resolving previously closed issues.

> FLOWER XSS Vulnerability
> ------------------------
>
>                 Key: AIRFLOW-1260
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-1260
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: webapp
>    Affects Versions: 1.7.1.3
>            Reporter: Camille TOLSA
>            Priority: Critical
>   Original Estimate: 4h
>  Remaining Estimate: 4h
>
> The affected functions are WorkerQueueAddConsumer() and
> WorkerQueueCancelConsumer() from the flower/static/js/flower.js file.
> The use of the .html() function instead of .text() allows script execution.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
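
A defender-side check for the pattern the report describes, as an added example that is not part of the original message or of Flower's code: it scans JavaScript source for jQuery `.html()` calls whose argument is not a constant string, which is where `.text()` should be used instead. The sample source and its function names are constructed for illustration and are not the contents of flower.js.

```javascript
// Constructed sample source (hypothetical handlers, not taken from flower.js).
const SAMPLE_JS = `
function showAdded(data) {
    $('#alert-text').html("Consumer added to " + data.queue);
}
function showCancelled(data) {
    $('#alert-text').text("Consumer cancelled on " + data.queue);
}
function showStatic() {
    $('#alert-text').html("<b>Done</b>");
}
`;

// Return the argument text of a call, given the index just after its '('.
// Tracks nesting and string quotes so ')' inside a string does not end the call.
function readArgs(src, start) {
    let depth = 1, quote = null, i = start;
    for (; i < src.length && depth > 0; i++) {
        const c = src[i];
        if (quote) {
            if (c === '\\') i++;              // skip the escaped character
            else if (c === quote) quote = null;
        } else if (c === '"' || c === "'" || c === '`') quote = c;
        else if (c === '(') depth++;
        else if (c === ')') depth--;
    }
    return src.slice(start, i - 1).trim();
}

// Exactly one quoted literal: no concatenation, no variables.
const CONSTANT = /^("(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*')$/;

// Flag .html(...) calls that render anything other than constant markup.
function findDynamicHtmlSinks(src) {
    const findings = [];
    const re = /\.html\(/g;
    let m;
    while ((m = re.exec(src)) !== null) {
        const args = readArgs(src, re.lastIndex);
        if (args === '' || CONSTANT.test(args)) continue; // getter or static markup
        const line = src.slice(0, m.index).split('\n').length;
        findings.push({ line, args });
    }
    return findings;
}
```

Each finding is a candidate for replacing `.html()` with `.text()`, which inserts the value as text rather than parsing it as markup.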