14 matches found
EUVD-2022-31052
Malicious code in bioql PyPI...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2019-16926
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
Cross site scripting
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name...
PrimeKey SignServer cross-site scripting vulnerability
PrimeKey SignServer is a multifunctional digital signature software from PrimeKey Sweden. Various digital signature use cases and formats are supported. A cross-site scripting vulnerability exists in the Admin web interface of PrimeKey SignServer prior to version 5.8.1. Exploitation of this...
PT-2022-17900 · Primekey · Primekey Signserver
Name of the Vulnerable Software and Affected Versions: PrimeKey SignServer versions prior to 5.8.1. Description: A cross-site scripting (XSS) issue was identified in the Admin Web interface. This issue can be exploited by using JavaScript code in a worker name before a Generate CSR request. It is...
CVE-2019-16926
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...
Design/Logic Flaw
DISPUTED Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them alread...
CVE-2019-16926
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has ful...
CVE-2019-16926
Flower version 0.9.3 is described as having a client-side XSS via a crafted worker name (CVE-2019-16926). The affected software is Flower, a web-based Celery monitor, with the vulnerability attributed to internal backend configuration options for worker and task names, which are not user-facing. ...
PT-2019-14873 · Celery · Flower
Name of the Vulnerable Software and Affected Versions: Flower version 0.9.3. Description: The issue concerns a potential XSS vulnerability via a crafted worker name. However, the project author disputes its validity, stating that worker and task names are internal backend configuration options not...