CVE-2024-27083 — MEDIUM (4.3)

Q: How severe is CVE-2024-27083?

CVE-2024-27083 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-27083?

Check the references section above for vendor advisories and patch information. Affected products include: Dpgaspar Flask-Appbuilder.

Vulnerability Description

Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser. This issue was introduced on 4.1.4 and patched on 4.2.1.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dpgaspar	Flask-Appbuilder	>= 4.1.4, < 4.2.1

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-27083?

CVE-2024-27083 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user ...

How severe is CVE-2024-27083?

CVE-2024-27083 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-27083?

Check the references section above for vendor advisories and patch information. Affected products include: Dpgaspar Flask-Appbuilder.