Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Roundup Security Vulnerabilities - November

cve
cve

CVE-2004-1444

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

6.8AI Score

0.019EPSS

2005-02-13 05:00 AM
22
cve
cve

CVE-2008-1474

Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).

5.9AI Score

0.018EPSS

2008-03-24 10:44 PM
40
cve
cve

CVE-2008-1475

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

6.1AI Score

0.01EPSS

2008-03-24 10:44 PM
28
cve
cve

CVE-2010-2491

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.

5.5AI Score

0.003EPSS

2010-09-24 07:00 PM
29
cve
cve

CVE-2012-6130

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.

5.9AI Score

0.003EPSS

2014-04-11 03:55 PM
28
cve
cve

CVE-2012-6131

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.

5.9AI Score

0.003EPSS

2014-04-11 03:55 PM
35
cve
cve

CVE-2012-6132

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.

5.9AI Score

0.002EPSS

2014-04-10 08:29 PM
29
cve
cve

CVE-2012-6133

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.

6.1CVSS

6AI Score

0.004EPSS

2020-01-30 09:15 PM
74
cve
cve

CVE-2014-6276

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

4.3CVSS

4AI Score

0.002EPSS

2016-04-13 02:59 PM
38
cve
cve

CVE-2019-10904

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

6.1CVSS

5.8AI Score

0.002EPSS

2019-04-06 08:29 PM
56
cve
cve

CVE-2024-39124

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

5.4CVSS

7AI Score

0.0004EPSS

2024-07-17 08:15 PM
22
cve
cve

CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

5.4CVSS

5.9AI Score

0.0004EPSS

2024-07-17 08:15 PM
24
cve
cve

CVE-2024-39126

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.

5.4CVSS

5.9AI Score

0.0004EPSS

2024-07-17 08:15 PM
24