exploitDog

CVE-2019-16926

Опубликовано: 28 сент. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access

Ссылки

https://fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-crafted-worker.html
Exploit
Third Party Advisory
https://fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-crafted-worker.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:flower_project:flower:1.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-rvm9-vjh6-7fhr

CVSS3: 6.1

github

больше 3 лет назад

Flower 1.0.0 has XSS via a crafted worker name.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79