CVE-2021-45229: Apache Airflow: Reflected XSS via Origin Query Argument in URL

[Jedidiah Cunningham <jedcunningham () apache org>]

Severity: high

Description:

It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query 
argument.

This issue affects Apache Airflow versions 2.2.3 and below. 

Credit:

The Apache Airflow PMC would like to thank both Bogdan Kurinnoy of the Samsung R&D Institute Ukraine (SRK) and Ali 
Al-Habsi of Accellion for independently discovering and reporting this issue.