Filtered by vendor Flower Project
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16925 | 1 Flower Project | 1 Flower | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access. | |||||
| CVE-2019-16926 | 1 Flower Project | 1 Flower | 2020-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access. | |||||