Vulnerabilities (CVE)

Filtered by vendor Roundup-tracker Subscribe

Filtered by product Roundup

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2012-6133	1 Roundup-tracker	1 Roundup	2020-01-31	4.3 MEDIUM	6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
CVE-2019-10904	2 Debian, Roundup-tracker	2 Debian Linux, Roundup	2019-04-09	4.3 MEDIUM	6.1 MEDIUM
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
CVE-2014-6276	2 Debian, Roundup-tracker	2 Debian Linux, Roundup	2016-04-20	4.0 MEDIUM	4.3 MEDIUM
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.