CVE-2019-16925

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2019-16925

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16925.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-16925

Published

2019-09-28T00:15:10.403Z

Modified

2026-03-14T09:32:07.395590Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access

References

https://fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-name-parameter.html

Affected packages

Git / github.com/mher/flower

Affected ranges

Type

GIT

Repo

https://github.com/mher/flower

Events

Introduced

Last affected

ad3a68eb7296b732f3555a6ef808987c763d8e8d

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0.0"
        }
    ]
}

Affected versions

v0.*

v0.2

v0.3

v0.4

v0.5

v0.5.1

v0.5.2

v0.6

v0.7

v0.8

v1.*

v1.0.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16925.json"