← Back to CVE List

CVE-2019-9580

Published: 2019-03-09T04:29Z
Last Modified: 2024-11-21T04:51Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In st2web in StackStorm Web UI before 2.9.3 and 2.10.x before 2.10.3, it is possible to bypass the CORS protection mechanism via a "null" origin value, potentially leading to XSS. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt