The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
XSS
Python
Airflow
NVD
CVSS 3.1
6.1
EPSS
14.4%