Roundup Security Vulnerabilities and Issues — Roundup CVE List

Lucene search

Roundup-trackerRoundup

5 matches found

CVE•added 2020/01/30 9:15 p.m.•86 views

CVE-2012-6133

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.

6.1CVSS6AI score0.00479EPSS

CVE•added 2019/04/06 8:29 p.m.•65 views

CVE-2019-10904

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

6.1CVSS5.8AI score0.00631EPSS

CVE•added 2008/03/24 10:44 p.m.•42 views

CVE-2008-1475

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.

6.4CVSS6.1AI score0.0047EPSS

CVE•added 2024/07/17 8:15 p.m.•33 views

CVE-2024-39124

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

6.1CVSS7AI score0.00702EPSS

CVE•added 2025/07/13 8:15 p.m.•9 views

CVE-2025-53865

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

6.4CVSS5.9AI score0.00037EPSS