Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:33 a.m.6 views

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...

6.1CVSS5.8AI score0.00818EPSS
Exploits1References1
NVD
NVD
added 2019/09/28 12:15 a.m.23 views

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...

6.1CVSS6AI score0.00818EPSS
Exploits1References1
NVD
NVD
added 2019/09/28 12:15 a.m.17 views

CVE-2019-16926

Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...

6.1CVSS6AI score0.00818EPSS
Exploits1References1
Prion
Prion
added 2019/09/28 12:15 a.m.13 views

Design/Logic Flaw

DISPUTED Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to...

4.3CVSS5.9AI score0.00818EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/09/27 11:32 p.m.22 views

CVE-2019-16925

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...

6AI score0.00818EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/09/27 11:31 p.m.24 views

CVE-2019-16926

Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...

6AI score0.00818EPSS
Exploits1References1
CVE
CVE
added 2019/09/27 11:31 p.m.217 views

CVE-2019-16926

Flower version 0.9.3 is described as having a client-side XSS via a crafted worker name (CVE-2019-16926). The affected software is Flower, a web-based Celery monitor, with the vulnerability attributed to internal backend configuration options for worker and task names, which are not user-facing. ...

6.1CVSS5.9AI score0.00818EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder