VYPR
Medium severity6.1NVD Advisory· Published Sep 28, 2019· Updated Jun 17, 2026

CVE-2019-16925

CVE-2019-16925

Description

Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.