Lucene search
+L
Roundup-trackerRoundup

13 matches found

CVE
CVE
added 2020/01/30 8:22 p.m.97 views

CVE-2012-6133

CVE-2012-6133 concerns Roundup before version 1.4.20 with cross-site scripting (XSS) via the issue* interface, specifically through the (1) @ok_message or (2) @error_message parameters. The vulnerability allows an attacker to inject arbitrary web script or HTML through these messages. Public refe...

6.1CVSS6AI score0.01546EPSS
CVE
CVE
added 2019/04/06 7:40 p.m.86 views

CVE-2019-10904

CVE-2019-10904 affects Roundup 1.6: XSS via the URI caused by improper 404 handling in the web front-end, specifically in frontend/roundup.cgi and roundup/cgi/wsgi_handler.py. Practical impact is client-side code execution due to crafted URIs. Exploitation details are not provided in the supplied...

6.1CVSS5.8AI score0.01568EPSS
CVE
CVE
added 2008/03/24 10:0 p.m.79 views

CVE-2008-1474

Roundup CVE-2008-1474 and CVE-2008-1475 affect Roundup prior to 1.4.4. Connected sources confirm two issues: CVE-2008-1474 involves multiple unspecified vulnerabilities with possible XSS; CVE-2008-1475 pertains to XML-RPC permission checks (permission bypass). OpenVAS entries list a base CVSS of ...

4.3CVSS5.9AI score0.01486EPSS
CVE
CVE
added 2024/07/17 12:0 a.m.70 views

CVE-2024-39125

Roundup

5.4CVSS5.9AI score0.00286EPSS
CVE
CVE
added 2016/04/13 2:0 p.m.66 views

CVE-2014-6276

The CVE-2014-6276 entry corresponds to Roundup (web-based issue tracker) and affects versions before 1.5.1. The root cause is that schema.py does not properly restrict attributes in default user permissions, enabling remote authenticated users to view sensitive user details. Observed impact inclu...

4.3CVSS4AI score0.01535EPSS
CVE
CVE
added 2014/04/11 3:0 p.m.65 views

CVE-2012-6131

CVE-2012-6131 describes a Cross-site Scripting (XSS) vulnerability in Roundup, specifically in the file cgi/client.py of Roundup versions before 1.4.20 . The issue allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1 . Documents consistently c...

4.3CVSS5.9AI score0.01983EPSS
Web
CVE
CVE
added 2014/04/11 3:0 p.m.63 views

CVE-2012-6130

The CVE-2012-6130 entry describes a Cross-site Scripting (XSS) in Roundup’s history display prior to version 1.4.20, allowing remote attackers to inject arbitrary web script or HTML via a username argument. Connected documents corroborate that Roundup up to 1.4.20 is affected (e.g., Debian DLA-29...

4.3CVSS5.9AI score0.01983EPSS
CVE
CVE
added 2010/09/24 6:0 p.m.62 views

CVE-2010-2491

CVE-2010-2491 is a cross-site scripting (XSS) vulnerability in Roundup, specifically in the CGI component cgi/client.py. The issue allows remote attackers to inject arbitrary script/HTML via the template argument to the /issue program, and affects Roundup versions prior to 1.4.14. The vulnerabili...

4.3CVSS5.5AI score0.0253EPSS
Web
CVE
CVE
added 2008/03/24 10:0 p.m.55 views

CVE-2008-1475

CVE-2008-1475 concerns the xml-rpc server in Roundup 1.4.4, which does not check property permissions, allowing attackers to bypass restrictions and read or edit restricted properties via the (1) list, (2) display, and (3) set methods. The connected documents corroborate the same description and ...

6.4CVSS6.1AI score0.01743EPSS
CVE
CVE
added 2024/07/17 12:0 a.m.53 views

CVE-2024-39126

CVE-2024-39126 : The vulnerability affects Roundup prior to 2.4.0, enabling cross-site scripting through JavaScript in PDF, XML, and SVG documents. The description and connected records confirm the issue, but do not provide exploitation details, affected vendor-specific patch versions, or concret...

5.4CVSS5.9AI score0.00324EPSS
CVE
CVE
added 2014/04/10 7:0 p.m.52 views

CVE-2012-6132

CVE-2012-6132 is a reported XSS flaw in Roundup prior to version 1.4.20, exploitable via the otk parameter. The connected records corroborate that Roundup’s web interface accepts arbitrary scripts/HTML through otk, enabling remote script injection and partial integrity impact. Public details in t...

4.3CVSS5.9AI score0.01837EPSS
CVE
CVE
added 2024/07/17 12:0 a.m.49 views

CVE-2024-39124

CVE-2024-39124 affects Roundup before 2.4.0 due to improper sanitization in classhelpers (_generic.help.html), enabling Cross‑Site Scripting (XSS). Root cause: insufficient input sanitization. Impact: potential XSS; exploitation details are not provided in the supplied documents. Remediation: upg...

6.1CVSS7AI score0.00289EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.48 views

CVE-2004-1444

CVE-2004-1444 describes a directory traversal vulnerability in Roundup 0.6.4 and earlier. An attacker can view arbitrary files by injecting ".." sequences in an @@ command within an HTTP GET request. The issue affects Roundup’s web-facing handling and exposes files the Roundup process can access....

5CVSS6.8AI score0.08794EPSS