Impact
A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser.
Impacted versions:
Flask-AppBuilder version 4.1.4 up to and including 4.2.0
Patches
This issue was introduced on 4.1.4 and patched on 4.2.1, user's should upgrade to 4.2.1 or newer versions.
Impact
A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user to follow a specially crafted URL to the OAuth login page. This URL could inject and execute malicious javascript code that would get executed on the user's browser.
Impacted versions:
Flask-AppBuilder version 4.1.4 up to and including 4.2.0
Patches
This issue was introduced on 4.1.4 and patched on 4.2.1, user's should upgrade to 4.2.1 or newer versions.