Roundup-tracker

Roundup

14 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.04%
  • Published 13.07.2025 00:00:00
  • Last modified 15.07.2025 13:14:24

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

  • EPSS 0.54%
  • Published 17.07.2024 20:15:06
  • Last modified 21.11.2024 09:27:12

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

  • EPSS 0.54%
  • Published 17.07.2024 20:15:06
  • Last modified 19.03.2025 18:15:21

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

  • EPSS 0.68%
  • Published 17.07.2024 20:15:06
  • Last modified 13.03.2025 14:15:28

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.

Exploit
  • EPSS 0.48%
  • Published 30.01.2020 21:15:13
  • Last modified 21.11.2024 01:45:53

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.

Exploit
  • EPSS 0.63%
  • Published 06.04.2019 20:29:00
  • Last modified 21.11.2024 04:20:06

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

  • EPSS 0.13%
  • Published 13.04.2016 14:59:00
  • Last modified 12.04.2025 10:46:40

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

  • EPSS 0.41%
  • Published 11.04.2014 15:55:16
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.

  • EPSS 0.41%
  • Published 11.04.2014 15:55:05
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.

  • EPSS 0.26%
  • Published 10.04.2014 20:29:23
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.