41 vulnerabilities found for roundup by roundup-tracker
CVE-2025-53865 (GCVE-0-2025-53865)
Vulnerability from cvelistv5 – Published: 2025-07-13 00:00 – Updated: 2025-07-14 16:22
Summary
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| roundup-tracker | Roundup | Affected: 0 , < 2.5.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:22:43.371198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:22:49.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Roundup",
"vendor": "roundup-tracker",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T19:21:32.491Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org/docs/security.html"
},
{
"url": "https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-53865",
"datePublished": "2025-07-13T00:00:00.000Z",
"dateReserved": "2025-07-11T00:00:00.000Z",
"dateUpdated": "2025-07-14T16:22:49.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39125 (GCVE-0-2024-39125)
Vulnerability from cvelistv5 – Published: 2024-07-17 00:00 – Updated: 2025-03-19 17:44
Summary
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
Severity ?
5.4 (Medium)
CWE
- n/a in the CNA record; CWE-79 is assigned in the CISA-ADP container of the record below
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:44:49.656741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:44:28.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:52:16.938Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org"
},
{
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39125",
"datePublished": "2024-07-17T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2025-03-19T17:44:28.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39124 (GCVE-0-2024-39124)
Vulnerability from cvelistv5 – Published: 2024-07-17 00:00 – Updated: 2024-10-27 21:29
Summary
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
Severity ?
6.1 (Medium)
CWE
- n/a in the CNA record; CWE-79 is assigned in the CISA-ADP container of the record below
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T20:43:15.386439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:29:25.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:49:53.108376",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org/"
},
{
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39124",
"datePublished": "2024-07-17T00:00:00",
"dateReserved": "2024-06-21T00:00:00",
"dateUpdated": "2024-10-27T21:29:25.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39126 (GCVE-0-2024-39126)
Vulnerability from cvelistv5 – Published: 2024-07-17 00:00 – Updated: 2025-03-13 13:37
Summary
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
Severity ?
5.4 (Medium)
CWE
- n/a in the CNA record; CWE-79 is assigned in the CISA-ADP container of the record below
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:55:28.899966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:37:49.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:54:05.116Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org"
},
{
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39126",
"datePublished": "2024-07-17T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2025-03-13T13:37:49.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6133 (GCVE-0-2012-6133)
Vulnerability from cvelistv5 – Published: 2020-01-30 20:22 – Updated: 2024-08-06 21:28
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:38.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Roundup",
"vendor": "Roundup",
"versions": [
{
"status": "affected",
"version": "before 1.4.20"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T20:22:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Roundup",
"version": {
"version_data": [
{
"version_value": "before 1.4.20"
}
]
}
}
]
},
"vendor_name": "Roundup"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "http://issues.roundup-tracker.org/issue2550724",
"refsource": "CONFIRM",
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/02/13/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6133",
"datePublished": "2020-01-30T20:22:09",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:38.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10904 (GCVE-0-2019-10904)
Vulnerability from cvelistv5 – Published: 2019-04-06 19:40 – Updated: 2024-08-04 22:40
Summary
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.python.org/issue36391"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-07T14:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.python.org/issue36391"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/python/bugs.python.org/issues/34",
"refsource": "MISC",
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"name": "https://bugs.python.org/issue36391",
"refsource": "MISC",
"url": "https://bugs.python.org/issue36391"
},
{
"name": "https://www.openwall.com/lists/oss-security/2019/04/05/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10904",
"datePublished": "2019-04-06T19:40:05",
"dateReserved": "2019-04-06T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6276 (GCVE-0-2014-6276)
Vulnerability from cvelistv5 – Published: 2016-04-13 14:00 – Updated: 2024-08-06 12:10
Summary
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"name": "DSA-3502",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-13T13:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"name": "DSA-3502",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"name": "DSA-3502",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"name": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-6276",
"datePublished": "2016-04-13T14:00:00",
"dateReserved": "2014-09-09T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6130 (GCVE-0-2012-6130)
Vulnerability from cvelistv5 – Published: 2014-04-11 15:00 – Updated: 2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "roundup-cve20126130-username-xss(84189)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "roundup-cve20126130-username-xss(84189)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "http://issues.roundup-tracker.org/issue2550684",
"refsource": "CONFIRM",
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "roundup-cve20126130-username-xss(84189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6130",
"datePublished": "2014-04-11T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6131 (GCVE-0-2012-6131)
Vulnerability from cvelistv5 – Published: 2014-04-11 15:00 – Updated: 2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Severity ?
No CVSS data available.
CWE
- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126131-action-xss(84190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.roundup-tracker.org/issue2550711"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126131-action-xss(84190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.roundup-tracker.org/issue2550711"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126131-action-xss(84190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"name": "http://issues.roundup-tracker.org/issue2550711",
"refsource": "CONFIRM",
"url": "http://issues.roundup-tracker.org/issue2550711"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6131",
"datePublished": "2014-04-11T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6132 (GCVE-0-2012-6132)
Vulnerability from cvelistv5 – Published: 2014-04-10 19:00 – Updated: 2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6132",
"datePublished": "2014-04-10T19:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53865 (GCVE-0-2025-53865)
Vulnerability from nvd – Published: 2025-07-13 00:00 – Updated: 2025-07-14 16:22
Summary
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| roundup-tracker | Roundup | Affected: 0, < 2.5.0 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53865",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:22:43.371198Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:22:49.374Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Roundup",
"vendor": "roundup-tracker",
"versions": [
{
"lessThan": "2.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive)."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-13T19:21:32.491Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org/docs/security.html"
},
{
"url": "https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-53865",
"datePublished": "2025-07-13T00:00:00.000Z",
"dateReserved": "2025-07-11T00:00:00.000Z",
"dateUpdated": "2025-07-14T16:22:49.374Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39125 (GCVE-0-2024-39125)
Vulnerability from nvd – Published: 2024-07-17 00:00 – Updated: 2025-03-19 17:44
Summary
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
Severity ?
5.4 (Medium)
CWE
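- n/a (the CNA record gives no CWE; the CISA-ADP container in the JSON below classifies this as CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))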
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39125",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-17T20:44:49.656741Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-19T17:44:28.859Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.500Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:52:16.938Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org"
},
{
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39125",
"datePublished": "2024-07-17T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2025-03-19T17:44:28.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39124 (GCVE-0-2024-39124)
Vulnerability from nvd – Published: 2024-07-17 00:00 – Updated: 2024-10-27 21:29
Summary
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
Severity ?
6.1 (Medium)
CWE
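- n/a (the CNA record gives no CWE; the CISA-ADP container in the JSON below classifies this as CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))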
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39124",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T20:43:15.386439Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T21:29:25.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:49:53.108376",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org/"
},
{
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39124",
"datePublished": "2024-07-17T00:00:00",
"dateReserved": "2024-06-21T00:00:00",
"dateUpdated": "2024-10-27T21:29:25.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-39126 (GCVE-0-2024-39126)
Vulnerability from nvd – Published: 2024-07-17 00:00 – Updated: 2025-03-13 13:37
Summary
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
Severity ?
5.4 (Medium)
CWE
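- n/a (the CNA record gives no CWE; the CISA-ADP container in the JSON below classifies this as CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))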
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-39126",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T13:55:28.899966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:37:49.457Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:19:20.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-17T19:54:05.116Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.roundup-tracker.org"
},
{
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-39126",
"datePublished": "2024-07-17T00:00:00.000Z",
"dateReserved": "2024-06-21T00:00:00.000Z",
"dateUpdated": "2025-03-13T13:37:49.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6133 (GCVE-0-2012-6133)
Vulnerability from nvd – Published: 2020-01-30 20:22 – Updated: 2024-08-06 21:28
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:38.622Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Roundup",
"vendor": "Roundup",
"versions": [
{
"status": "affected",
"version": "before 1.4.20"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-30T20:22:09",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Roundup",
"version": {
"version_data": [
{
"version_value": "before 1.4.20"
}
]
}
}
]
},
"vendor_name": "Roundup"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "http://issues.roundup-tracker.org/issue2550724",
"refsource": "CONFIRM",
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"name": "http://www.openwall.com/lists/oss-security/2012/11/10/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "http://www.openwall.com/lists/oss-security/2013/02/13/8",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6133",
"datePublished": "2020-01-30T20:22:09",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:38.622Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-10904 (GCVE-0-2019-10904)
Vulnerability from nvd – Published: 2019-04-06 19:40 – Updated: 2024-08-04 22:40
Summary
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:40:15.343Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.python.org/issue36391"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-07T14:06:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.python.org/issue36391"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-10904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/python/bugs.python.org/issues/34",
"refsource": "MISC",
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"name": "https://bugs.python.org/issue36391",
"refsource": "MISC",
"url": "https://bugs.python.org/issue36391"
},
{
"name": "https://www.openwall.com/lists/oss-security/2019/04/05/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-10904",
"datePublished": "2019-04-06T19:40:05",
"dateReserved": "2019-04-06T00:00:00",
"dateUpdated": "2024-08-04T22:40:15.343Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-6276 (GCVE-0-2014-6276)
Vulnerability from nvd – Published: 2016-04-13 14:00 – Updated: 2024-08-06 12:10
Summary
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:10:13.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"name": "DSA-3502",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-13T13:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"name": "DSA-3502",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2014-6276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"name": "DSA-3502",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"name": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2014-6276",
"datePublished": "2016-04-13T14:00:00",
"dateReserved": "2014-09-09T00:00:00",
"dateUpdated": "2024-08-06T12:10:13.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6130 (GCVE-0-2012-6130)
Vulnerability from nvd – Published: 2014-04-11 15:00 – Updated: 2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "roundup-cve20126130-username-xss(84189)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "roundup-cve20126130-username-xss(84189)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "http://issues.roundup-tracker.org/issue2550684",
"refsource": "CONFIRM",
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "roundup-cve20126130-username-xss(84189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6130",
"datePublished": "2014-04-11T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6131 (GCVE-0-2012-6131)
Vulnerability from nvd – Published: 2014-04-11 15:00 – Updated: 2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126131-action-xss(84190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://issues.roundup-tracker.org/issue2550711"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126131-action-xss(84190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://issues.roundup-tracker.org/issue2550711"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "https://pypi.python.org/pypi/roundup/1.4.20",
"refsource": "CONFIRM",
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126131-action-xss(84190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"name": "http://issues.roundup-tracker.org/issue2550711",
"refsource": "CONFIRM",
"url": "http://issues.roundup-tracker.org/issue2550711"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6131",
"datePublished": "2014-04-11T15:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6132 (GCVE-0-2012-6132)
Vulnerability from nvd – Published: 2014-04-10 19:00 – Updated: 2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6132",
"datePublished": "2014-04-10T19:00:00",
"dateReserved": "2012-12-06T00:00:00",
"dateUpdated": "2024-08-06T21:28:39.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-39126
Vulnerability from fkie_nvd - Published: 2024-07-17 20:15 - Updated: 2025-03-13 14:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C622A44-3E18-4C82-9C57-386712D4E68B",
"versionEndExcluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents."
},
{
"lang": "es",
"value": "Roundup anterior a 2.4.0 permite XSS a trav\u00e9s de JavaScript en documentos PDF, XML y SVG."
}
],
"id": "CVE-2024-39126",
"lastModified": "2025-03-13T14:15:28.767",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-17T20:15:06.343",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.roundup-tracker.org"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.roundup-tracker.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-39124
Vulnerability from fkie_nvd - Published: 2024-07-17 20:15 - Updated: 2024-11-21 09:27
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C622A44-3E18-4C82-9C57-386712D4E68B",
"versionEndExcluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS."
},
{
"lang": "es",
"value": "En Roundup anterior a 2.4.0, los classhelpers (_generic.help.html) permiten XSS."
}
],
"id": "CVE-2024-39124",
"lastModified": "2024-11-21T09:27:12.863",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-17T20:15:06.203",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.roundup-tracker.org/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.roundup-tracker.org/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-39125
Vulnerability from fkie_nvd - Published: 2024-07-17 20:15 - Updated: 2025-03-19 18:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4C622A44-3E18-4C82-9C57-386712D4E68B",
"versionEndExcluding": "2.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header."
},
{
"lang": "es",
"value": "Roundup anterior a 2.4.0 permite XSS a trav\u00e9s de un elemento SCRIPT en un encabezado HTTP Referer."
}
],
"id": "CVE-2024-39125",
"lastModified": "2025-03-19T18:15:21.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-07-17T20:15:06.270",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://www.roundup-tracker.org"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.roundup-tracker.org"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2012-6133
Vulnerability from fkie_nvd - Published: 2020-01-30 21:15 - Updated: 2024-11-21 01:45
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2DAC18-B14E-4D03-8252-1F12593BDC4B",
"versionEndExcluding": "1.4.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en Roundup versiones anteriores a 1.4.20, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) @ok_message o (2) @error_message en issue*."
}
],
"id": "CVE-2012-6133",
"lastModified": "2024-11-21T01:45:53.357",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-30T21:15:13.950",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://issues.roundup-tracker.org/issue2550724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-10904
Vulnerability from fkie_nvd - Published: 2019-04-06 20:29 - Updated: 2024-11-21 04:20
Severity ?
Summary
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| roundup-tracker | roundup | 1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "69E8C263-4B26-4894-B664-3437CBFC80E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors."
},
{
"lang": "es",
"value": "Roundup 1.6 permite Cross-Site Scripting (XSS) mediante el URI debido a que frontends/roundup.cgi y roundup/cgi/wsgi_handler.py gestionan los errores 404 de manera incorrecta."
}
],
"id": "CVE-2019-10904",
"lastModified": "2024-11-21T04:20:06.027",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-06T20:29:00.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.python.org/issue36391"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2019/04/07/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://bugs.python.org/issue36391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/python/bugs.python.org/issues/34"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2019/04/05/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-6276
Vulnerability from fkie_nvd - Published: 2016-04-13 14:59 - Updated: 2025-04-12 10:46
Severity: 4.3 (Medium, CVSS 3.0); 4.0 (Medium, CVSS 2.0)
Summary
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * (up to and including 1.5.0) | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88E07488-2EC4-4437-B60D-C50D659C4A2A",
"versionEndIncluding": "1.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details."
},
{
"lang": "es",
"value": "schema.py en Roundup en versiones anteriores a 1.5.1 no limita correctamente atributos incluidos en permisos de usuario por defecto, lo que podr\u00eda permitir a usuarios remotos autenticados obtener informaci\u00f3n sensible de usuario visualizando detalles de usuario."
}
],
"id": "CVE-2014-6276",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-13T14:59:00.140",
"references": [
{
"source": "security@debian.org",
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3502"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6131
Vulnerability from fkie_nvd - Published: 2014-04-11 15:55 - Updated: 2025-04-12 10:46
Severity: 4.3 (Medium, CVSS 2.0; the record carries no CVSS 3.x score)
Summary
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * (up to and including 1.4.19) | |
| roundup-tracker | roundup | 1.4.0 | |
| roundup-tracker | roundup | 1.4.1 | |
| roundup-tracker | roundup | 1.4.2 | |
| roundup-tracker | roundup | 1.4.3 | |
| roundup-tracker | roundup | 1.4.4 | |
| roundup-tracker | roundup | 1.4.5 | |
| roundup-tracker | roundup | 1.4.6 | |
| roundup-tracker | roundup | 1.4.7 | |
| roundup-tracker | roundup | 1.4.8 | |
| roundup-tracker | roundup | 1.4.9 | |
| roundup-tracker | roundup | 1.4.10 | |
| roundup-tracker | roundup | 1.4.11 | |
| roundup-tracker | roundup | 1.4.12 | |
| roundup-tracker | roundup | 1.4.13 | |
| roundup-tracker | roundup | 1.4.14 | |
| roundup-tracker | roundup | 1.4.15 | |
| roundup-tracker | roundup | 1.4.16 | |
| roundup-tracker | roundup | 1.4.17 | |
| roundup-tracker | roundup | 1.4.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD3C644-43D8-4DF6-971E-25EE81BDF2FA",
"versionEndIncluding": "1.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0038D97D-E099-41FD-B467-C2FA8A1A04BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDDF8D-B34E-4A31-A335-E41477436C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "764F3225-B6F0-497E-B2BD-A6CBA40D06BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F9BE58-8A1B-4BF3-A2D4-D68051FE67C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB15B4C-911F-4F48-A3F8-12F9A33CB9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50EA0CD8-DA56-4969-A7D0-39DD9668F9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "832F0C0A-5AF2-46A5-B785-2DC698250944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E536CDAA-0ABB-46FD-BD46-7644EF05ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "42084E64-9203-4F73-ADD0-D7FDEBE2AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F58AB7D5-0873-4400-84C3-871409DA2F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7907BD-2B4F-45CF-9102-AED8ABE7F999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C93114B4-7041-46E9-B97B-5D581331FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CF57F-4E06-4146-91FB-65A0702FBB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFF2F26-B779-4A5F-BC31-FE7EA74A7076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F28A4156-70C0-4D90-BE4B-A2D827E337F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E8725B65-2FB7-47E3-88F4-99F21E9F8554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8ED6DE8-409E-462C-BF89-FE50F5BC2771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A89D5A3C-B239-4FC2-8508-CD7A82CE9E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B46FFA28-92FD-4712-937D-BA17DF73F711",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en cgi/client.py en Roundup anterior a 1.4.20 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro @action hacia support/issue1."
}
],
"id": "CVE-2012-6131",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-11T15:55:16.520",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://issues.roundup-tracker.org/issue2550711"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://issues.roundup-tracker.org/issue2550711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6130
Vulnerability from fkie_nvd - Published: 2014-04-11 15:55 - Updated: 2025-04-12 10:46
Severity: 4.3 (Medium, CVSS 2.0; the record carries no CVSS 3.x score)
Summary
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * (up to and including 1.4.19) | |
| roundup-tracker | roundup | 1.4.0 | |
| roundup-tracker | roundup | 1.4.1 | |
| roundup-tracker | roundup | 1.4.2 | |
| roundup-tracker | roundup | 1.4.3 | |
| roundup-tracker | roundup | 1.4.4 | |
| roundup-tracker | roundup | 1.4.5 | |
| roundup-tracker | roundup | 1.4.6 | |
| roundup-tracker | roundup | 1.4.7 | |
| roundup-tracker | roundup | 1.4.8 | |
| roundup-tracker | roundup | 1.4.9 | |
| roundup-tracker | roundup | 1.4.10 | |
| roundup-tracker | roundup | 1.4.11 | |
| roundup-tracker | roundup | 1.4.12 | |
| roundup-tracker | roundup | 1.4.13 | |
| roundup-tracker | roundup | 1.4.14 | |
| roundup-tracker | roundup | 1.4.15 | |
| roundup-tracker | roundup | 1.4.16 | |
| roundup-tracker | roundup | 1.4.17 | |
| roundup-tracker | roundup | 1.4.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD3C644-43D8-4DF6-971E-25EE81BDF2FA",
"versionEndIncluding": "1.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0038D97D-E099-41FD-B467-C2FA8A1A04BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDDF8D-B34E-4A31-A335-E41477436C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "764F3225-B6F0-497E-B2BD-A6CBA40D06BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F9BE58-8A1B-4BF3-A2D4-D68051FE67C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB15B4C-911F-4F48-A3F8-12F9A33CB9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50EA0CD8-DA56-4969-A7D0-39DD9668F9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "832F0C0A-5AF2-46A5-B785-2DC698250944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E536CDAA-0ABB-46FD-BD46-7644EF05ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "42084E64-9203-4F73-ADD0-D7FDEBE2AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F58AB7D5-0873-4400-84C3-871409DA2F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7907BD-2B4F-45CF-9102-AED8ABE7F999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C93114B4-7041-46E9-B97B-5D581331FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CF57F-4E06-4146-91FB-65A0702FBB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFF2F26-B779-4A5F-BC31-FE7EA74A7076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F28A4156-70C0-4D90-BE4B-A2D827E337F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E8725B65-2FB7-47E3-88F4-99F21E9F8554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8ED6DE8-409E-462C-BF89-FE50F5BC2771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A89D5A3C-B239-4FC2-8508-CD7A82CE9E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B46FFA28-92FD-4712-937D-BA17DF73F711",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la visualizaci\u00f3n de historial en Roundup anterior a 1.4.20 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un nombre de usuario, relacionado con generar un enlace."
}
],
"id": "CVE-2012-6130",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-11T15:55:05.693",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://issues.roundup-tracker.org/issue2550684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://pypi.python.org/pypi/roundup/1.4.20"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6132
Vulnerability from fkie_nvd - Published: 2014-04-10 20:29 - Updated: 2025-04-12 10:46
Severity: 4.3 (Medium, CVSS 2.0; the record carries no CVSS 3.x score)
Summary
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| roundup-tracker | roundup | * (up to and including 1.4.19) | |
| roundup-tracker | roundup | 1.4.0 | |
| roundup-tracker | roundup | 1.4.1 | |
| roundup-tracker | roundup | 1.4.2 | |
| roundup-tracker | roundup | 1.4.3 | |
| roundup-tracker | roundup | 1.4.4 | |
| roundup-tracker | roundup | 1.4.5 | |
| roundup-tracker | roundup | 1.4.6 | |
| roundup-tracker | roundup | 1.4.7 | |
| roundup-tracker | roundup | 1.4.8 | |
| roundup-tracker | roundup | 1.4.9 | |
| roundup-tracker | roundup | 1.4.10 | |
| roundup-tracker | roundup | 1.4.11 | |
| roundup-tracker | roundup | 1.4.12 | |
| roundup-tracker | roundup | 1.4.13 | |
| roundup-tracker | roundup | 1.4.14 | |
| roundup-tracker | roundup | 1.4.15 | |
| roundup-tracker | roundup | 1.4.16 | |
| roundup-tracker | roundup | 1.4.17 | |
| roundup-tracker | roundup | 1.4.18 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4BD3C644-43D8-4DF6-971E-25EE81BDF2FA",
"versionEndIncluding": "1.4.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0038D97D-E099-41FD-B467-C2FA8A1A04BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDDF8D-B34E-4A31-A335-E41477436C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "764F3225-B6F0-497E-B2BD-A6CBA40D06BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F9BE58-8A1B-4BF3-A2D4-D68051FE67C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB15B4C-911F-4F48-A3F8-12F9A33CB9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50EA0CD8-DA56-4969-A7D0-39DD9668F9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "832F0C0A-5AF2-46A5-B785-2DC698250944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E536CDAA-0ABB-46FD-BD46-7644EF05ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "42084E64-9203-4F73-ADD0-D7FDEBE2AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F58AB7D5-0873-4400-84C3-871409DA2F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7907BD-2B4F-45CF-9102-AED8ABE7F999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C93114B4-7041-46E9-B97B-5D581331FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CF57F-4E06-4146-91FB-65A0702FBB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFF2F26-B779-4A5F-BC31-FE7EA74A7076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F28A4156-70C0-4D90-BE4B-A2D827E337F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "E8725B65-2FB7-47E3-88F4-99F21E9F8554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "E8ED6DE8-409E-462C-BF89-FE50F5BC2771",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A89D5A3C-B239-4FC2-8508-CD7A82CE9E54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "B46FFA28-92FD-4712-937D-BA17DF73F711",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en Roundup anterior a 1.4.20 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro otk."
}
],
"id": "CVE-2012-6132",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-04-10T20:29:23.457",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-2491
Vulnerability from fkie_nvd - Published: 2010-09-24 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1873A916-0008-404F-AE8D-77BDB5D3E667",
"versionEndIncluding": "1.4.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "19ECB7A0-10A6-4745-A14A-1FDCBA54FA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9968A3F6-095B-40E8-B5B3-FF0B9DDF4D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "53AB2FBF-3D72-4548-B7EF-A9966DDADE99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0079C51C-5341-4ABD-AEC3-ED95D6B3849E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D942F581-EEE1-4475-91BC-A381F647DB4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "85EA6E14-83A2-4EB5-B288-1BAAAE7BB15E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B79CB12-0F99-4337-8FFE-300E1F2635A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5D7924E0-09DE-4231-8543-93F132C525D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5181473-7735-4C4D-84EB-45123A4CB2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "611D6B74-E98A-4060-A4E8-0066B23097C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DDDDAB17-2E78-4F3A-8129-5F6B0AD6824C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7BC05048-471F-43B8-84F1-B3A4AD0BEB1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5EA1112-FD27-4560-99B9-F95CB4875B50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B1C7A4E-B709-45B9-820B-9DA47D09A768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre1:*:*:*:*:*:*",
"matchCriteriaId": "12248494-B69A-493A-8BAA-AED8B6D90967",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre2:*:*:*:*:*:*",
"matchCriteriaId": "83D18991-4357-4EDA-B58A-C2B2D55AF65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre3:*:*:*:*:*:*",
"matchCriteriaId": "3EA23543-A008-4A35-A2FD-A5C92419B5D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85911897-FF14-4287-A70C-2BE1533D7DD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.4.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "C5AF4647-28B7-4A1F-8CE0-1AECF5E9DA52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.4.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "7491CD5B-BE8B-43D9-9A9C-A9D9091FFF98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C170F3BF-A954-4259-AFEA-8FBBA9A03E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "368312AF-2FC0-4528-A735-FE8E6412637D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.4.2:pr1:*:*:*:*:*:*",
"matchCriteriaId": "15A83A5C-A463-4A90-9C2B-CD4BF64D9F93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BFA22ED9-74AB-4B1A-AE32-002CBC70DD33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA7035B-ACAD-43CC-8B0A-5D5C71ED4D00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "5FF02B8B-EE0E-490C-B611-9E9073B08A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "FB0B1077-5E96-49D8-8C42-E1B269D977D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.0:pr1:*:*:*:*:*:*",
"matchCriteriaId": "62D6C85E-EDA1-4F97-86F7-A55D0209E9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "046CAABB-4A40-4734-9506-FE9E5D74ED6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7C743E-B264-4FEB-AE0D-6B63C6D25CD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18AC89CD-2092-4694-8DA3-268466CB1728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C8EB5412-927B-49F4-B1F1-0890AB674F1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B52588E4-C6C4-45DE-B8C2-4948AEAA2E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C747D8A-1FD7-4E80-949F-49833D8A871B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "74CEEC73-4AF9-4E5A-A526-101E23A7ED2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.8:stable:*:*:*:*:*:*",
"matchCriteriaId": "6890C793-5346-4274-91F6-D3A1F4D4454B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "10F15818-1EC9-4E72-8E10-BF7CBEE6DECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2136129D-9795-4281-A07E-297BE50A7A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "31430BEC-1190-46F9-82B8-6EBE6CBE1BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "E0855645-97A3-4CA1-9A7C-3050151302E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "86F1057A-0273-4B77-8DD9-32D54676F991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.0:b4:*:*:*:*:*:*",
"matchCriteriaId": "ACC3C30E-4796-49CE-AFDF-DC7B29737FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "068DEB7C-DAC2-45D6-A0B6-DC54EF52DF14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "960311B7-4C1B-4D7F-B8D1-A99977C389D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "953F1AAF-CFF8-462C-99E4-7A4D8404BCEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "280DC837-EB0D-42EA-8236-FFD87B0987AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B57648C-D3D8-4ADE-8500-9E7CC170DF63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E74C7F38-1DF5-4817-A6F7-F24E015346C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A7305D65-2C60-4AC0-86E8-10A115EC008C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8829C3BE-C384-4CB5-9128-12338E1E68F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "134F2504-202E-456E-973F-CDF26EC119A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "67CB2FD7-7E9E-4395-98B9-7A97B2140A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "932E8C5F-23DC-4A3D-8683-095E98595A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34318627-2740-4FDC-BF08-87CD6AD82F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "8455602A-65E5-4DAE-9D66-CA9A226E5AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "5ABA002F-3226-4492-9E4A-F8D2BD0C0791",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "3595DB2B-EA69-4A47-B69D-3D526E9E9D89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D864CE13-3E5D-4A43-B45C-50FD73634828",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6CF969-C90B-47AD-8538-F865C6D96F82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE2ADB27-CC67-4E07-AB14-D4E7AFBAF41A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C00B6823-DDC4-455B-806E-20DC50C91CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "25307B01-1BDF-402C-BAB8-3F79E3AD5FE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B20E4D7D-AEB3-431A-8EAD-AA0968F339A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EE10C1E5-78C2-460D-BD73-97026C18D2D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA37A04-8B76-41F5-BB6A-BC510100A59A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E83205C4-D7BE-41C8-B4B2-76B265743D39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "CAA29FD3-B9CE-47B8-9593-BD953C3ECC6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "88EC7A4B-678F-4A87-9E7F-1F9B95647E6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B45F23-702E-436A-BEF5-26AB0B7B3288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41C8C39E-F339-48A4-83AB-D89493070418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "0C1E36E4-C4C9-4AE9-A91E-504B75441D9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "CA49A32F-5932-4E3D-80F4-3F695E6D967E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D98E71AD-3B23-44D8-B7DE-902B616BED76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "36336002-7EDC-47D2-A652-923C5DC99847",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6893FFAD-A2D1-4C8B-983F-68C2899E56E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "81944927-FFCF-4709-B80B-7279CE31A0D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B11756-4710-4E9A-9E37-C3FA1C5E5B7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEAB81E-DAA8-49CD-AEC7-1492DE605172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:0.9.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "4AF05890-2633-4863-B545-ED923D9A4A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D00A7FA-8CC2-49DE-B515-7ADA3240549E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55982C77-F866-4298-BD46-E3DF136C6203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A92DF0-153B-4130-A12F-28A921673A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5E6A5DC6-8E85-4545-840A-3D5DF8FB3B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A85D14A2-5505-43CC-8416-6165C604D363",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCEF97A-C493-41A8-8A7D-4A187F016AEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55B7551D-6264-4949-A038-6006F432F261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "12903A2D-44DF-4606-B4DB-0501786A22C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7032E7E5-B353-451C-AA8A-70F055DE68C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A11A4AFF-EE53-477D-9B82-6A65A6765DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F5E2921-8219-4F59-B877-C2BCF9C0AB02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0038D97D-E099-41FD-B467-C2FA8A1A04BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCFDDF8D-B34E-4A31-A335-E41477436C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "764F3225-B6F0-497E-B2BD-A6CBA40D06BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F9BE58-8A1B-4BF3-A2D4-D68051FE67C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB15B4C-911F-4F48-A3F8-12F9A33CB9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "50EA0CD8-DA56-4969-A7D0-39DD9668F9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "832F0C0A-5AF2-46A5-B785-2DC698250944",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E536CDAA-0ABB-46FD-BD46-7644EF05ABDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "42084E64-9203-4F73-ADD0-D7FDEBE2AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F58AB7D5-0873-4400-84C3-871409DA2F39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7907BD-2B4F-45CF-9102-AED8ABE7F999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C93114B4-7041-46E9-B97B-5D581331FED5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:roundup-tracker:roundup:1.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BA1CF57F-4E06-4146-91FB-65A0702FBB2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en cgi/client.py de Roundup en versiones anteriores a la v1.4.14 permite a usuarios remotos inyectar c\u00f3digo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del argumento \"template\" (plantilla) al programa /issue."
}
],
"id": "CVE-2010-2491",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-09-24T19:00:04.730",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=326395"
},
{
"source": "secalert@redhat.com",
"url": "http://issues.roundup-tracker.org/issue2550654"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html"
},
{
"source": "secalert@redhat.com",
"url": "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486\u0026r2=4485\u0026pathrev=4486"
},
{
"source": "secalert@redhat.com",
"url": "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision\u0026revision=4486"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40433"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41585"
},
{
"source": "secalert@redhat.com",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/07/02/12"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2010/07/02/3"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/41326"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=610861"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=326395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://issues.roundup-tracker.org/issue2550654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486\u0026r2=4485\u0026pathrev=4486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision\u0026revision=4486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/40433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/41585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/07/02/12"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2010/07/02/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/41326"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=610861"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}