Note: This project will be discontinued after December 13, 2021.
Product | Roundup (Roundup-Tracker) |
Repositories | Unknown: This might be proprietary software. |
#Vulnerabilities | 13 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-07-17 | CVE-2024-39124 | In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | Roundup | 5.4 | ||
2024-07-17 | CVE-2024-39125 | Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | Roundup | 5.4 | ||
2024-07-17 | CVE-2024-39126 | Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | Roundup | 5.4 | ||
2020-01-30 | CVE-2012-6133 | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | Roundup | N/A | ||
2019-04-06 | CVE-2019-10904 | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | Debian_linux, Roundup | 6.1 | ||
2016-04-13 | CVE-2014-6276 | schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details. | Debian_linux, Roundup | 4.3 | ||
2014-04-10 | CVE-2012-6132 | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. | Roundup | N/A | ||
2014-04-11 | CVE-2012-6131 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. | Roundup | N/A | ||
2014-04-11 | CVE-2012-6130 | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | Roundup | N/A | ||
2010-09-24 | CVE-2010-2491 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. | Roundup | N/A | ||