5 matches found
EUVD-2022-46688
Malicious code in bioql PyPI...
CVE-2022-43706
Cross-site scripting (XSS) vulnerability in the Web UI of StackStorm versions prior to 3.8.0 allowed logged-in users with write access to pack rules to inject arbitrary script or HTML that may be executed in the Web UI for other logged-in users...
StackStorm Cross-Site Scripting Vulnerability
StackStorm is an event-driven automation platform. The platform is used for automated remediation, security response, troubleshooting, and program deployment functions. The Web UI is one of the web-based graphical user interfaces. A security vulnerability exists in st2web in StackStorm Web UI versions...
CVE-2019-9580
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS...
CVE-2019-9580
CVE-2019-9580 affects StackStorm’s Web UI (st2web) prior to versions 2.9.3 and 2.10.x prior to 2.10.3. The root cause is improper handling of CORS headers, where an unknown/null origin could be accepted, potentially enabling XSS and related cross-domain actions via a crafted link. Exploitation de...