6 matches found
PT-2024-21113 · Qanything · Qanything
Name of the Vulnerable Software and Affected Versions: QAnything versions prior to 1.2.0 Description: The issue allows SQL Injection in the qanything kernel/connector/database/mysql/mysql client.py module. Recommendations: For versions prior to 1.2.0, update to version 1.2.0 or later to resolve t...
Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
Cross-Site Scripting (XSS)
roundup is vulnerable to cross-site scripting. The vulnerability exists in the cleanmessage function in client.py due to lack of sanitization in message parameters which allows an attacker to inject arbitrary scripts...
CVE-2012-6131
CVE-2012-6131 describes a Cross-site Scripting (XSS) vulnerability in Roundup, specifically in the file cgi/client.py of Roundup versions before 1.4.20 . The issue allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1 . Documents consistently c...
CVE-2012-6131
Cross-site scripting XSS vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
CVE-2010-2491
CVE-2010-2491 is a cross-site scripting (XSS) vulnerability in Roundup, specifically in the CGI component cgi/client.py. The issue allows remote attackers to inject arbitrary script/HTML via the template argument to the /issue program, and affects Roundup versions prior to 1.4.14. The vulnerabili...