Lucene search
GoogleOSV:DLA-298-1HistoryAug 23, 2015 - 12:00 a.m.
roundup - security update
2015-08-2300:00:00
Google
osv.dev
3
0.004 Low
EPSS
Percentile
72.5%
- CVE-2012-6130
Cross-site scripting (XSS) vulnerability in the history
display in Roundup before 1.4.20 allows remote attackers
to inject arbitrary web script or HTML via a username,
related to generating a link. - CVE-2012-6131
Cross-site scripting (XSS) vulnerability in cgi/client.py
in Roundup before 1.4.20 allows remote attackers to inject
arbitrary web script or HTML via the @action parameter to
support/issue1. - CVE-2012-6132
Cross-site scripting (XSS) vulnerability in Roundup before
1.4.20 allows remote attackers to inject arbitrary web
script or HTML via the otk parameter. - CVE-2012-6133
XSS flaws in ok and error messages
We solve this differently from the proposals in the bug-report
by not allowing *any* html-tags in ok/error messages anymore.
References
Related
nessus
nessus
Debian DLA-298-1 : roundup security update
2015-08-24 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-298-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 298-1] roundup security update
2015-08-23 16:11:49
prion
prion
Cross site scripting
2014-04-11 15:55:00
Cross site scripting
2014-04-10 20:29:00
Cross site scripting
2014-04-11 15:55:00
ubuntucve
ubuntucve
cvelist
cvelist
nvd
nvd
github
github
Roundup Cross-site scripting (XSS) vulnerability
2022-05-17 01:37:42
Roundup Cross-site Scripting (XSS) vulnerability
2022-05-17 01:37:42
Roundup Cross-site Scripting (XSS) vulnerability
2022-05-17 01:37:42
cve
cve
osv
osv
veracode
veracode
Cross-Site Scripting (XSS)
2022-04-27 08:16:03