4 matches found
CVE-2012-6133
CVE-2012-6133 concerns Roundup before version 1.4.20 with cross-site scripting (XSS) via the issue* interface, specifically through the (1) @ok_message or (2) @error_message parameters. The vulnerability allows an attacker to inject arbitrary web script or HTML through these messages. Public refe...
CVE-2024-39125
Roundup
CVE-2024-39126
CVE-2024-39126 : The vulnerability affects Roundup prior to 2.4.0, enabling cross-site scripting through JavaScript in PDF, XML, and SVG documents. The description and connected records confirm the issue, but do not provide exploitation details, affected vendor-specific patch versions, or concret...
CVE-2024-39124
CVE-2024-39124 affects Roundup before 2.4.0 due to improper sanitization in classhelpers (_generic.help.html), enabling Cross‑Site Scripting (XSS). Root cause: insufficient input sanitization. Impact: potential XSS; exploitation details are not provided in the supplied documents. Remediation: upg...