18 matches found
CVE-2024-39126
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
EUVD-2020-0166
Malware in sbrugna...
GHSA-QXH9-QMF2-RHWC Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive)...
PYSEC-2025-69
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive)...
PT-2025-29382 · Roundup · Roundup
Name of the Vulnerable Software and Affected Versions: Roundup versions prior to 2.5.0 Description: Roundup is susceptible to a cross-site scripting issue. This occurs through the interaction between URLs and issue tracker templates devel and responsive. Recommendations: Update Roundup to version...
Cross-site Scripting (XSS)
Roundup is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper handling of the HTTP Referer header, allowing a SCRIPT element to be executed...
Roundup Cross-site Scripting Vulnerability
In Roundup before 2.4.0, classhelpers generic.help.html allow XSS...
PYSEC-2024-63
In Roundup before 2.4.0, classhelpers generic.help.html allow XSS...
PYSEC-2024-64
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header...
PYSEC-2024-65
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
GHSA-FRGF-RV99-862X Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program...
GHSA-MCCQ-3M7H-FJXG Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link...
GHSA-GW2Q-CGVQ-9G3V Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
GHSA-Q7MF-HP9M-CX6F Roundup Directory traversal vulnerability
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request...
Cross-site Scripting (XSS)
Roundup is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as the value of uri is not sanitized, allowing XSS attacks to occur in frontends/roundup.cgi and roundup/cgi/wsgihandler.py...
PYSEC-2014-16
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1...
PYSEC-2008-9
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)...
CVE-2004-1444
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request...