Medium severity6.1OSV Advisory· Published Mar 9, 2019· Updated Jun 17, 2026
CVE-2019-9580
CVE-2019-9580
Description
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: v2.10.0, v2.10.1, v2.10.2
- Range: <2.9.3, <2.10.3
Patches
Vulnerability mechanics
References
3- github.com/StackStorm/st2/releases/tag/v2.10.3nvdRelease NotesThird Party Advisory
- github.com/StackStorm/st2/releases/tag/v2.9.3nvdRelease NotesThird Party Advisory
- stackstorm.com/2019/03/08/stackstorm-2-9-3-2-10-3/nvdVendor Advisory
News mentions
0No linked articles in our index yet.