3 matches found
CVE-2019-16926
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...
CVE-2019-16926
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...
CVE-2019-16926
Flower version 0.9.3 is described as having a client-side XSS via a crafted worker name (CVE-2019-16926). The affected software is Flower, a web-based Celery monitor, with the vulnerability attributed to internal backend configuration options for worker and task names, which are not user-facing. ...