Medium severity6.1NVD Advisory· Published Sep 28, 2019· Updated Jun 17, 2026
CVE-2019-16926
CVE-2019-16926
Description
Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them already has full access
Affected products
2- Flower/Flowerdescription
Patches
Vulnerability mechanics
References
1- fatihhcelik.blogspot.com/2019/09/flower-100-has-xss-via-crafted-worker.htmlnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.