CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9580

In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.18

EPSS Ranking 94.9%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2019-9580

Stackstorm » Stackstorm » Version: 0.11.0

cpe:2.3:a:stackstorm:stackstorm:0.11.0
Stackstorm » Stackstorm » Version: 0.11.1

cpe:2.3:a:stackstorm:stackstorm:0.11.1
Stackstorm » Stackstorm » Version: 0.11.2

cpe:2.3:a:stackstorm:stackstorm:0.11.2
Stackstorm » Stackstorm » Version: 0.11.3

cpe:2.3:a:stackstorm:stackstorm:0.11.3
Stackstorm » Stackstorm » Version: 0.11.4

cpe:2.3:a:stackstorm:stackstorm:0.11.4
Stackstorm » Stackstorm » Version: 0.11.5

cpe:2.3:a:stackstorm:stackstorm:0.11.5
Stackstorm » Stackstorm » Version: 0.11.6

cpe:2.3:a:stackstorm:stackstorm:0.11.6
Stackstorm » Stackstorm » Version: 0.12.0

cpe:2.3:a:stackstorm:stackstorm:0.12.0
Stackstorm » Stackstorm » Version: 0.12.1

cpe:2.3:a:stackstorm:stackstorm:0.12.1
Stackstorm » Stackstorm » Version: 0.12.2

cpe:2.3:a:stackstorm:stackstorm:0.12.2
Stackstorm » Stackstorm » Version: 0.12.3

cpe:2.3:a:stackstorm:stackstorm:0.12.3
Stackstorm » Stackstorm » Version: 0.13.0

cpe:2.3:a:stackstorm:stackstorm:0.13.0
Stackstorm » Stackstorm » Version: 0.13.1

cpe:2.3:a:stackstorm:stackstorm:0.13.1
Stackstorm » Stackstorm » Version: 0.13.2

cpe:2.3:a:stackstorm:stackstorm:0.13.2
Stackstorm » Stackstorm » Version: 0.5.1

cpe:2.3:a:stackstorm:stackstorm:0.5.1
Stackstorm » Stackstorm » Version: 0.6.0

cpe:2.3:a:stackstorm:stackstorm:0.6.0
Stackstorm » Stackstorm » Version: 0.7

cpe:2.3:a:stackstorm:stackstorm:0.7
Stackstorm » Stackstorm » Version: 0.8.0

cpe:2.3:a:stackstorm:stackstorm:0.8.0
Stackstorm » Stackstorm » Version: 0.8.1

cpe:2.3:a:stackstorm:stackstorm:0.8.1
Stackstorm » Stackstorm » Version: 0.8.2

cpe:2.3:a:stackstorm:stackstorm:0.8.2
Stackstorm » Stackstorm » Version: 0.8.3

cpe:2.3:a:stackstorm:stackstorm:0.8.3
Stackstorm » Stackstorm » Version: 0.9.0

cpe:2.3:a:stackstorm:stackstorm:0.9.0
Stackstorm » Stackstorm » Version: 0.9.1

cpe:2.3:a:stackstorm:stackstorm:0.9.1
Stackstorm » Stackstorm » Version: 0.9.2

cpe:2.3:a:stackstorm:stackstorm:0.9.2
Stackstorm » Stackstorm » Version: 1.1.0

cpe:2.3:a:stackstorm:stackstorm:1.1.0
Stackstorm » Stackstorm » Version: 1.1.1

cpe:2.3:a:stackstorm:stackstorm:1.1.1
Stackstorm » Stackstorm » Version: 1.2.0

cpe:2.3:a:stackstorm:stackstorm:1.2.0
Stackstorm » Stackstorm » Version: 1.3.0

cpe:2.3:a:stackstorm:stackstorm:1.3.0
Stackstorm » Stackstorm » Version: 1.3.1

cpe:2.3:a:stackstorm:stackstorm:1.3.1
Stackstorm » Stackstorm » Version: 1.3.2

cpe:2.3:a:stackstorm:stackstorm:1.3.2
Stackstorm » Stackstorm » Version: 1.4.0

cpe:2.3:a:stackstorm:stackstorm:1.4.0
Stackstorm » Stackstorm » Version: 1.5.0

cpe:2.3:a:stackstorm:stackstorm:1.5.0
Stackstorm » Stackstorm » Version: 1.5.1

cpe:2.3:a:stackstorm:stackstorm:1.5.1
Stackstorm » Stackstorm » Version: 1.6.0

cpe:2.3:a:stackstorm:stackstorm:1.6.0
Stackstorm » Stackstorm » Version: 2.0.0

cpe:2.3:a:stackstorm:stackstorm:2.0.0
Stackstorm » Stackstorm » Version: 2.0.1

cpe:2.3:a:stackstorm:stackstorm:2.0.1
Stackstorm » Stackstorm » Version: 2.1.0

cpe:2.3:a:stackstorm:stackstorm:2.1.0
Stackstorm » Stackstorm » Version: 2.1.1

cpe:2.3:a:stackstorm:stackstorm:2.1.1
Stackstorm » Stackstorm » Version: 2.10.0

cpe:2.3:a:stackstorm:stackstorm:2.10.0
Stackstorm » Stackstorm » Version: 2.10.1

cpe:2.3:a:stackstorm:stackstorm:2.10.1
Stackstorm » Stackstorm » Version: 2.10.2

cpe:2.3:a:stackstorm:stackstorm:2.10.2
Stackstorm » Stackstorm » Version: 2.2.0

cpe:2.3:a:stackstorm:stackstorm:2.2.0
Stackstorm » Stackstorm » Version: 2.2.1

cpe:2.3:a:stackstorm:stackstorm:2.2.1
Stackstorm » Stackstorm » Version: 2.3.0

cpe:2.3:a:stackstorm:stackstorm:2.3.0
Stackstorm » Stackstorm » Version: 2.3.1

cpe:2.3:a:stackstorm:stackstorm:2.3.1
Stackstorm » Stackstorm » Version: 2.3.2

cpe:2.3:a:stackstorm:stackstorm:2.3.2
Stackstorm » Stackstorm » Version: 2.4.0

cpe:2.3:a:stackstorm:stackstorm:2.4.0
Stackstorm » Stackstorm » Version: 2.4.1

cpe:2.3:a:stackstorm:stackstorm:2.4.1
Stackstorm » Stackstorm » Version: 2.5.0

cpe:2.3:a:stackstorm:stackstorm:2.5.0
Stackstorm » Stackstorm » Version: 2.5.1

cpe:2.3:a:stackstorm:stackstorm:2.5.1
Stackstorm » Stackstorm » Version: 2.6.0

cpe:2.3:a:stackstorm:stackstorm:2.6.0
Stackstorm » Stackstorm » Version: 2.7.0

cpe:2.3:a:stackstorm:stackstorm:2.7.0
Stackstorm » Stackstorm » Version: 2.7.1

cpe:2.3:a:stackstorm:stackstorm:2.7.1
Stackstorm » Stackstorm » Version: 2.7.2

cpe:2.3:a:stackstorm:stackstorm:2.7.2
Stackstorm » Stackstorm » Version: 2.8.0

cpe:2.3:a:stackstorm:stackstorm:2.8.0
Stackstorm » Stackstorm » Version: 2.8.1

cpe:2.3:a:stackstorm:stackstorm:2.8.1
Stackstorm » Stackstorm » Version: 2.9.0

cpe:2.3:a:stackstorm:stackstorm:2.9.0
Stackstorm » Stackstorm » Version: 2.9.1

cpe:2.3:a:stackstorm:stackstorm:2.9.1
Stackstorm » Stackstorm » Version: 2.9.2

cpe:2.3:a:stackstorm:stackstorm:2.9.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9580

Products

Pricing

Contact Us