All the vulnerabilities related to roundup-tracker - Roundup
cve-2004-1444
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Summary
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
References
▼ | URL | Tags |
---|---|---|
http://securitytracker.com/id?1010415 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/10495 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16350 | vdb-entry, x_refsource_XF | |
http://sourceforge.net/tracker/index.php?func=detail&aid=961511&group_id=31577&atid=402788 | x_refsource_CONFIRM | |
http://secunia.com/advisories/11801/ | third-party-advisory, x_refsource_SECUNIA | |
http://packetstormsecurity.nl/0406-exploits/roundUP.txt | x_refsource_MISC | |
http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1010415", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010415" }, { "name": "10495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10495" }, { "name": "roundup-get-view-file(16350)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16350" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=961511\u0026group_id=31577\u0026atid=402788" }, { "name": "11801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11801/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.nl/0406-exploits/roundUP.txt" }, { "name": "GLSA-200408-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1010415", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010415" }, { "name": "10495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10495" }, { "name": "roundup-get-view-file(16350)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16350" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=961511\u0026group_id=31577\u0026atid=402788" }, { "name": "11801", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11801/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.nl/0406-exploits/roundUP.txt" }, { "name": "GLSA-200408-09", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1444", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1010415", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010415" }, { "name": "10495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10495" }, { "name": "roundup-get-view-file(16350)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16350" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=961511\u0026group_id=31577\u0026atid=402788", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=961511\u0026group_id=31577\u0026atid=402788" }, { "name": "11801", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11801/" }, { "name": "http://packetstormsecurity.nl/0406-exploits/roundUP.txt", "refsource": "MISC", "url": "http://packetstormsecurity.nl/0406-exploits/roundUP.txt" }, { "name": "GLSA-200408-09", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200408-09.xml" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1444", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6132
Vulnerability from cvelistv5
Published
2014-04-10 19:00
Modified
2024-08-06 21:28
Summary
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=722672 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/02/13/8 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/11/10/2 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84191 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "roundup-cve20126132-otk-xss(84191)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "roundup-cve20126132-otk-xss(84191)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6132", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "roundup-cve20126132-otk-xss(84191)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6132", "datePublished": "2014-04-10T19:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6133
Vulnerability from cvelistv5
Published
2020-01-30 20:22
Modified
2024-08-06 21:28
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
References
▼ | URL | Tags |
---|---|---|
https://pypi.python.org/pypi/roundup/1.4.20 | x_refsource_CONFIRM | |
http://issues.roundup-tracker.org/issue2550724 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/2 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2013/02/13/8 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=722672 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:38.622Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.roundup-tracker.org/issue2550724" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Roundup", "vendor": "Roundup", "versions": [ { "status": "affected", "version": "before 1.4.20" } ] } ], "datePublic": "2012-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-Site Scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-30T20:22:09", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.roundup-tracker.org/issue2550724" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6133", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Roundup", "version": { "version_data": [ { "version_value": "before 1.4.20" } ] } } ] }, "vendor_name": "Roundup" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-Site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://pypi.python.org/pypi/roundup/1.4.20", "refsource": "CONFIRM", "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "http://issues.roundup-tracker.org/issue2550724", "refsource": "CONFIRM", "url": "http://issues.roundup-tracker.org/issue2550724" }, { "name": "http://www.openwall.com/lists/oss-security/2012/11/10/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "http://www.openwall.com/lists/oss-security/2013/02/13/8", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6133", "datePublished": "2020-01-30T20:22:09", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:38.622Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-6276
Vulnerability from cvelistv5
Published
2016-04-13 14:00
Modified
2024-08-06 12:10
Summary
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
References
▼ | URL | Tags |
---|---|---|
http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9 | x_refsource_CONFIRM | |
http://www.debian.org/security/2016/dsa-3502 | vendor-advisory, x_refsource_DEBIAN | |
https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T12:10:13.271Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9" }, { "name": "DSA-3502", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3502" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-11T00:00:00", "descriptions": [ { "lang": "en", "value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-04-13T13:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9" }, { "name": "DSA-3502", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3502" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2014-6276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9", "refsource": "CONFIRM", "url": "http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9" }, { "name": "DSA-3502", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3502" }, { "name": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt", "refsource": "CONFIRM", "url": "https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2014-6276", "datePublished": "2016-04-13T14:00:00", "dateReserved": "2014-09-09T00:00:00", "dateUpdated": "2024-08-06T12:10:13.271Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-2491
Vulnerability from cvelistv5
Published
2010-09-24 18:00
Modified
2024-08-07 02:32
Summary
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:32:16.774Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2010-12290", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html" }, { "name": "[roundup-devel] 20100701 Roundup Issue Tracker 1.4.14 released", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=326395" }, { "name": "41585", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/41585" }, { "name": "FEDORA-2010-12261", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.roundup-tracker.org/issue2550654" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=610861" }, { "name": "[oss-security] 20100702 CVE Request -- Roundup: XSS by processing PageTemplate template for a named page", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/07/02/3" }, { "name": "40433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40433" }, { "name": "41326", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/41326" }, { "name": "[oss-security] 20100702 Re: CVE Request -- Roundup: XSS by processing PageTemplate template for a named page", "tags": [ 
"mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/07/02/12" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486\u0026r2=4485\u0026pathrev=4486" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision\u0026revision=4486" }, { "name": "FEDORA-2010-12269", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-09-24T18:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "FEDORA-2010-12290", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html" }, { "name": "[roundup-devel] 20100701 Roundup Issue Tracker 1.4.14 released", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=326395" }, { "name": "41585", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/41585" }, { "name": "FEDORA-2010-12261", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.roundup-tracker.org/issue2550654" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=610861" }, { "name": "[oss-security] 20100702 CVE Request -- Roundup: XSS by processing PageTemplate template for a named page", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/07/02/3" }, { "name": "40433", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40433" }, { "name": "41326", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/41326" }, { "name": "[oss-security] 20100702 Re: CVE Request -- Roundup: XSS by processing PageTemplate template for a named page", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": 
"http://www.openwall.com/lists/oss-security/2010/07/02/12" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486\u0026r2=4485\u0026pathrev=4486" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision\u0026revision=4486" }, { "name": "FEDORA-2010-12269", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2491", "datePublished": "2010-09-24T18:00:00Z", "dateReserved": "2010-06-28T00:00:00Z", "dateUpdated": "2024-08-07T02:32:16.774Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1474
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 08:24
Summary
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.300Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29848", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29848" }, { "name": "30274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30274" }, { "name": "GLSA-200805-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" }, { "name": "28239", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28239" }, { "name": "29336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29336" }, { "name": "FEDORA-2008-2471", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" }, { "name": "DSA-1554", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1554" }, { "name": "roundup-multiple-unspecified(41241)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939\u0026view=markup" }, { "name": "FEDORA-2008-2370", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" }, { "name": "29375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29375" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=436546" }, { "name": "ADV-2008-0891", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0891" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29848", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29848" }, { "name": "30274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30274" }, { "name": "GLSA-200805-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" }, { "name": "28239", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28239" }, { "name": "29336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29336" }, { "name": "FEDORA-2008-2471", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" }, { "name": "DSA-1554", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1554" }, { "name": "roundup-multiple-unspecified(41241)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939\u0026view=markup" }, { "name": "FEDORA-2008-2370", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" }, { "name": "29375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29375" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546" }, { "name": "ADV-2008-0891", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0891" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1474", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29848", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29848" }, { "name": "30274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30274" }, { "name": "GLSA-200805-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" }, { "name": "28239", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28239" }, { "name": "29336", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29336" }, { "name": "FEDORA-2008-2471", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" }, { "name": "DSA-1554", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1554" }, { "name": "roundup-multiple-unspecified(41241)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241" }, { "name": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939\u0026view=markup", "refsource": "CONFIRM", "url": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939\u0026view=markup" }, { "name": "FEDORA-2008-2370", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" }, { "name": "29375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29375" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=436546", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546" }, { "name": "ADV-2008-0891", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0891" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1474", "datePublished": "2008-03-24T22:00:00", "dateReserved": "2008-03-24T00:00:00", "dateUpdated": 
"2024-08-07T08:24:42.300Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-10904
Vulnerability from cvelistv5
Published
2019-04-06 19:40
Modified
2024-08-04 22:40
Severity ?
EPSS score ?
Summary
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
References
URL | Tags | |
---|---|---|
https://github.com/python/bugs.python.org/issues/34 | x_refsource_MISC | |
https://bugs.python.org/issue36391 | x_refsource_MISC | |
https://www.openwall.com/lists/oss-security/2019/04/05/1 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2019/04/07/1 | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T22:40:15.343Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/python/bugs.python.org/issues/34" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.python.org/issue36391" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2019/04/05/1" }, { "name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/07/1" }, { "name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-07T14:06:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/python/bugs.python.org/issues/34" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.python.org/issue36391" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.openwall.com/lists/oss-security/2019/04/05/1" }, { "name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2019/04/07/1" }, { "name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-10904", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/python/bugs.python.org/issues/34", "refsource": "MISC", "url": "https://github.com/python/bugs.python.org/issues/34" }, { "name": "https://bugs.python.org/issue36391", "refsource": "MISC", "url": "https://bugs.python.org/issue36391" }, { "name": "https://www.openwall.com/lists/oss-security/2019/04/05/1", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/04/05/1" }, { "name": "[oss-security] 20190407 Re: XSS in roundup bug tracker 404 page", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/04/07/1" }, { "name": "[debian-lts-announce] 20190407 [SECURITY] [DLA 1750-1] roundup security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-10904", "datePublished": "2019-04-06T19:40:05", "dateReserved": "2019-04-06T00:00:00", "dateUpdated": "2024-08-04T22:40:15.343Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39124
Vulnerability from cvelistv5
Published
2024-07-17 00:00
Modified
2024-10-27 21:29
Severity ?
EPSS score ?
Summary
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.527Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.roundup-tracker.org/" }, { "tags": [ "x_transferred" ], "url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39124", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T20:43:15.386439Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-27T21:29:25.310Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T19:49:53.108376", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.roundup-tracker.org/" }, { "url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-39124", "datePublished": "2024-07-17T00:00:00", "dateReserved": "2024-06-21T00:00:00", "dateUpdated": "2024-10-27T21:29:25.310Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39125
Vulnerability from cvelistv5
Published
2024-07-17 00:00
Modified
2025-03-19 17:44
Severity ?
EPSS score ?
Summary
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39125", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-17T20:44:49.656741Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-19T17:44:28.859Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.roundup-tracker.org" }, { "tags": [ "x_transferred" ], "url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T19:52:16.938Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.roundup-tracker.org" }, { "url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-39125", "datePublished": "2024-07-17T00:00:00.000Z", "dateReserved": "2024-06-21T00:00:00.000Z", "dateUpdated": "2025-03-19T17:44:28.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6131
Vulnerability from cvelistv5
Published
2014-04-11 15:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=722672 | x_refsource_CONFIRM | |
https://pypi.python.org/pypi/roundup/1.4.20 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/02/13/8 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2012/11/10/2 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84190 | vdb-entry, x_refsource_XF | |
http://issues.roundup-tracker.org/issue2550711 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "roundup-cve20126131-action-xss(84190)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.roundup-tracker.org/issue2550711" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "roundup-cve20126131-action-xss(84190)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.roundup-tracker.org/issue2550711" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6131", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "name": "https://pypi.python.org/pypi/roundup/1.4.20", "refsource": "CONFIRM", "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "roundup-cve20126131-action-xss(84190)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84190" }, { "name": "http://issues.roundup-tracker.org/issue2550711", "refsource": "CONFIRM", "url": "http://issues.roundup-tracker.org/issue2550711" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6131", "datePublished": "2014-04-11T15:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.433Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2025-53865
Vulnerability from cvelistv5
Published
2025-07-13 00:00
Modified
2025-07-14 16:22
Severity ?
EPSS score ?
Summary
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
References
Impacted products
Vendor | Product | |
---|---|---|
roundup-tracker | Roundup |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-53865", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-07-14T16:22:43.371198Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-07-14T16:22:49.374Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Roundup", "vendor": "roundup-tracker", "versions": [ { "lessThan": "2.5.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.5.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive)." 
} ], "metrics": [ { "cvssV3_1": { "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-13T19:21:32.491Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.roundup-tracker.org/docs/security.html" }, { "url": "https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865" } ], "x_generator": { "engine": "enrichogram 0.0.1" } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2025-53865", "datePublished": "2025-07-13T00:00:00.000Z", "dateReserved": "2025-07-11T00:00:00.000Z", "dateUpdated": "2025-07-14T16:22:49.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1475
Vulnerability from cvelistv5
Published
2008-03-24 22:00
Modified
2024-08-07 08:24
Severity ?
EPSS score ?
Summary
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:24:42.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "30274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30274" }, { "name": "FEDORA-2008-9734", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html" }, { "name": "28238", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28238" }, { "name": "GLSA-200805-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" }, { "name": "29336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29336" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1907211\u0026group_id=31577\u0026atid=402788" }, { "name": "FEDORA-2008-9712", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html" }, { "name": "FEDORA-2008-2471", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" }, { "name": "FEDORA-2008-2370", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" }, { "name": "32805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32805" }, { "name": "29375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29375" }, { 
"tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546" }, { "name": "roundup-xmlrpc-security-bypass(41240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41240" }, { "name": "ADV-2008-0891", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0891" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-03-13T00:00:00", "descriptions": [ { "lang": "en", "value": "The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "30274", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30274" }, { "name": "FEDORA-2008-9734", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html" }, { "name": "28238", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28238" }, { "name": "GLSA-200805-21", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" }, { "name": "29336", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29336" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1907211\u0026group_id=31577\u0026atid=402788" 
}, { "name": "FEDORA-2008-9712", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html" }, { "name": "FEDORA-2008-2471", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" }, { "name": "FEDORA-2008-2370", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" }, { "name": "32805", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32805" }, { "name": "29375", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29375" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546" }, { "name": "roundup-xmlrpc-security-bypass(41240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41240" }, { "name": "ADV-2008-0891", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0891" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1475", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "30274", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30274" }, { "name": "FEDORA-2008-9734", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html" }, { "name": "28238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28238" }, { "name": "GLSA-200805-21", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml" }, { "name": "29336", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29336" }, { "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1907211\u0026group_id=31577\u0026atid=402788", "refsource": "CONFIRM", "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1907211\u0026group_id=31577\u0026atid=402788" }, { "name": "FEDORA-2008-9712", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html" }, { "name": "FEDORA-2008-2471", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" }, { "name": "FEDORA-2008-2370", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" }, { "name": "32805", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32805" }, { "name": "29375", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29375" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=436546", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546" }, { "name": "roundup-xmlrpc-security-bypass(41240)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41240" }, { "name": "ADV-2008-0891", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0891" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1475", "datePublished": "2008-03-24T22:00:00", "dateReserved": "2008-03-24T00:00:00", "dateUpdated": "2024-08-07T08:24:42.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-39126
Vulnerability from cvelistv5
Published
2024-07-17 00:00
Modified
2025-03-13 13:37
Severity ?
EPSS score ?
Summary
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-39126", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T13:55:28.899966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-13T13:37:49.457Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:19:20.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.roundup-tracker.org" }, { "tags": [ "x_transferred" ], "url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-17T19:54:05.116Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.roundup-tracker.org" }, { "url": "https://www.roundup-tracker.org/docs/security.html#cve-announcements" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-39126", "datePublished": "2024-07-17T00:00:00.000Z", "dateReserved": "2024-06-21T00:00:00.000Z", "dateUpdated": "2025-03-13T13:37:49.457Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6130
Vulnerability from cvelistv5
Published
2014-04-11 15:00
Modified
2024-08-06 21:28
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
References
URL | Tags | |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=722672 | x_refsource_CONFIRM | |
https://pypi.python.org/pypi/roundup/1.4.20 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2012/11/10/2 | mailing-list, x_refsource_MLIST | |
http://issues.roundup-tracker.org/issue2550684 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/02/13/8 | mailing-list, x_refsource_MLIST | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/84189 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.882Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://issues.roundup-tracker.org/issue2550684" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "roundup-cve20126130-username-xss(84189)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-11-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://issues.roundup-tracker.org/issue2550684" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "roundup-cve20126130-username-xss(84189)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2012-6130", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672" }, { "name": "https://pypi.python.org/pypi/roundup/1.4.20", "refsource": "CONFIRM", "url": "https://pypi.python.org/pypi/roundup/1.4.20" }, { "name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/11/10/2" }, { "name": "http://issues.roundup-tracker.org/issue2550684", "refsource": "CONFIRM", "url": "http://issues.roundup-tracker.org/issue2550684" }, { "name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/02/13/8" }, { "name": "roundup-cve20126130-username-xss(84189)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84189" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-6130", "datePublished": "2014-04-11T15:00:00", "dateReserved": "2012-12-06T00:00:00", "dateUpdated": "2024-08-06T21:28:39.882Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }