13 matches found
CVE-2012-6133
CVE-2012-6133 concerns Roundup before version 1.4.20 with cross-site scripting (XSS) via the issue* interface, specifically through the (1) @ok_message or (2) @error_message parameters. The vulnerability allows an attacker to inject arbitrary web script or HTML through these messages. Public refe...
CVE-2019-10904
CVE-2019-10904 affects Roundup 1.6: XSS via the URI caused by improper 404 handling in the web front-end, specifically in frontend/roundup.cgi and roundup/cgi/wsgi_handler.py. Practical impact is client-side code execution due to crafted URIs. Exploitation details are not provided in the supplied...
CVE-2008-1474
Roundup CVE-2008-1474 and CVE-2008-1475 affect Roundup prior to 1.4.4. Connected sources confirm two issues: CVE-2008-1474 involves multiple unspecified vulnerabilities with possible XSS; CVE-2008-1475 pertains to XML-RPC permission checks (permission bypass). OpenVAS entries list a base CVSS of ...
CVE-2024-39125
Roundup
CVE-2014-6276
The CVE-2014-6276 entry corresponds to Roundup (web-based issue tracker) and affects versions before 1.5.1. The root cause is that schema.py does not properly restrict attributes in default user permissions, enabling remote authenticated users to view sensitive user details. Observed impact inclu...
CVE-2012-6131
CVE-2012-6131 describes a Cross-site Scripting (XSS) vulnerability in Roundup, specifically in the file cgi/client.py of Roundup versions before 1.4.20 . The issue allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1 . Documents consistently c...
CVE-2010-2491
CVE-2010-2491 is a cross-site scripting (XSS) vulnerability in Roundup, specifically in the CGI component cgi/client.py. The issue allows remote attackers to inject arbitrary script/HTML via the template argument to the /issue program, and affects Roundup versions prior to 1.4.14. The vulnerabili...
CVE-2012-6130
The CVE-2012-6130 entry describes a Cross-site Scripting (XSS) in Roundup’s history display prior to version 1.4.20, allowing remote attackers to inject arbitrary web script or HTML via a username argument. Connected documents corroborate that Roundup up to 1.4.20 is affected (e.g., Debian DLA-29...
CVE-2008-1475
CVE-2008-1475 concerns the xml-rpc server in Roundup 1.4.4, which does not check property permissions, allowing attackers to bypass restrictions and read or edit restricted properties via the (1) list, (2) display, and (3) set methods. The connected documents corroborate the same description and ...
CVE-2024-39126
CVE-2024-39126 : The vulnerability affects Roundup prior to 2.4.0, enabling cross-site scripting through JavaScript in PDF, XML, and SVG documents. The description and connected records confirm the issue, but do not provide exploitation details, affected vendor-specific patch versions, or concret...
CVE-2012-6132
CVE-2012-6132 is a reported XSS flaw in Roundup prior to version 1.4.20, exploitable via the otk parameter. The connected records corroborate that Roundup’s web interface accepts arbitrary scripts/HTML through otk, enabling remote script injection and partial integrity impact. Public details in t...
CVE-2024-39124
CVE-2024-39124 affects Roundup before 2.4.0 due to improper sanitization in classhelpers (_generic.help.html), enabling Cross‑Site Scripting (XSS). Root cause: insufficient input sanitization. Impact: potential XSS; exploitation details are not provided in the supplied documents. Remediation: upg...
CVE-2004-1444
CVE-2004-1444 describes a directory traversal vulnerability in Roundup 0.6.4 and earlier. An attacker can view arbitrary files by injecting ".." sequences in an @@ command within an HTTP GET request. The issue affects Roundup’s web-facing handling and exposes files the Roundup process can access....