In Apache Airflow versions before 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument.
apache airflow