Roundup-tracker: Security Vulnerabilities, CVEs (XSS)
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
Max CVSS: 6.1 | EPSS Score: 0.17% | Published: 2019-04-06 | Updated: 2019-04-09
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
Max CVSS: 6.1 | EPSS Score: 0.36% | Published: 2020-01-30 | Updated: 2020-01-31
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
Max CVSS: 4.3 | EPSS Score: 0.22% | Published: 2014-04-10 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2014-04-11 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
Max CVSS: 4.3 | EPSS Score: 0.25% | Published: 2014-04-11 | Updated: 2017-08-29
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
Max CVSS: 4.3 | EPSS Score: 0.33% | Published: 2010-09-24 | Updated: 2012-05-31
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
Max CVSS: 4.3 | EPSS Score: 1.06% | Published: 2008-03-24 | Updated: 2017-08-08
7 vulnerabilities found