Stackstorm · Stackstorm Web Ui · CVE-2019-9580
**Name of the Vulnerable Software and Affected Versions**
StackStorm Web UI versions prior to 2.9.3
StackStorm Web UI versions 2.10.x prior to 2.10.3
**Description**
The issue allows bypassing the CORS protection mechanism via a "null" origin value, potentially leading to XSS.
**Recommendations**
For versions prior to 2.9.3, update to version 2.9.3 or later.
For versions 2.10.x prior to 2.10.3, update to version 2.10.3 or later.