Lucene search

Veracode Vulnerability DatabaseVERACODE:46698

HistoryApr 30, 2024 - 11:05 a.m.

Cross Site Scripting(XSS)

2024-04-3011:05:03

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross site scripting

software vulnerability

templating

5.9 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.5%

JSON

roundup is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper escape mechanisms within templating.py, which allows an attacker to preform cross site scripting.

CPENameOperatorVersion
rounduple1.4.3
rounduple1.4.3

CPE	Name	Operator	Version
	roundup	le	1.4.3
	roundup	le	1.4.3

References

roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup

secunia.com/advisories/29336

secunia.com/advisories/29375

secunia.com/advisories/29848

secunia.com/advisories/30274

security.gentoo.org/glsa/glsa-200805-21.xml

www.debian.org/security/2008/dsa-1554

www.securityfocus.com/bid/28239

www.vupen.com/english/advisories/2008/0891

bugzilla.redhat.com/show_bug.cgi?id=436546

exchange.xforce.ibmcloud.com/vulnerabilities/41241

github.com/advisories/GHSA-c3qv-mf8h-434r

github.com/roundup-tracker/roundup/commit/151ffd3367e7af563a92aabb3a8034a0f49063d9

lists.debian.org/debian-security-announce/2008/msg00125.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html

www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html