Package impact

python PyPI / roundup

| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2012-6132 | medium | 4.3 | | 4y ago | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. | python |
| CVE-2014-6276 | medium | 4.3 | 4.3 | 10y ago | schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing… | debian, python |
| CVE-2012-6131 | medium | 4.3 | | 12y ago | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. | python |
| CVE-2012-6130 | medium | 4.3 | | 12y ago | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | python |
| CVE-2010-2491 | medium | 4.3 | | 16y ago | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. | python |
| CVE-2025-53865 | unknown | | | 11mo ago | In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive). | python |
| CVE-2024-39125 | unknown | | | 2y ago | Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | python |
| CVE-2024-39126 | unknown | | | 2y ago | Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | python |
| CVE-2024-39124 | unknown | | | 2y ago | In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | python |
| CVE-2009-2737 | unknown | | | 4y ago | Roundup Improper Access Control | python |
| CVE-2008-1475 | unknown | | | 4y ago | The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) se… | python |
| CVE-2008-1474 | unknown | | | 4y ago | Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS). | python |
| CVE-2004-1444 | unknown | | | 4y ago | Roundup Directory traversal vulnerability | python |
| CVE-2012-6133 | unknown | | | 4y ago | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to i… | python |
| CVE-2019-10904 | unknown | | | 7y ago | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | python |