
4 matches found

NVD
added 2019/09/28 12:15 a.m., 9 views

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...

CVSS 6.1, AI score 6, EPSS 0.0024
Exploits: 1, References: 1

Prion
added 2019/09/28 12:15 a.m., 9 views

Design/Logic Flaw

DISPUTED Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to...

CVSS 4.3, AI score 5.9, EPSS 0.0024
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2019/09/27 11:32 p.m., 11 views

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...

AI score 6, EPSS 0.0024
Exploits: 1, References: 1

CVE
added 2019/09/27 11:32 p.m., 216 views

CVE-2019-16925

CVE-2019-16925 affects Flower 0.9.3, with an XSS vulnerability reported via the name parameter in an @app.task call. The core issue appears to be unvalidated client-side data in the Flower web interface, but multiple sources note the project author disputes the vulnerability’s validity and emphas...

CVSS 6.1, AI score 5.9, EPSS 0.0024
Exploits: 1, References: 1, Affected Software: 1