VYPR

Flowers

by Flowers

CVEs (4)

  • CVE-2019-16926MedSep 28, 2019
    risk 0.40cvss 6.1epss 0.01

    Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change…

  • CVE-2019-16925MedSep 28, 2019
    risk 0.40cvss 6.1epss 0.01

    Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having…

  • CVE-2007-2308Apr 26, 2007
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter.

  • CVE-2007-2309Apr 26, 2007
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the den parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.