Medium severity 6.1 · NVD Advisory · Published Sep 28, 2019 · Updated Jun 17, 2026
CVE-2019-16925
Description
Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren't user-facing configuration options. They are internal backend config options, and a person having rights to change them already has full access.
Affected products
2 - Flower/Flower · description
Patches
Vulnerability mechanics
References
1 - fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-name-parameter.html · nvd · Exploit · Third Party Advisory