Package impact

python PyPI / roundup

CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2012-6132 medium 4.3 4y ago Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
CVE-2014-6276 medium 4.3 4.3 10y ago schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing…
CVE-2012-6131 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
CVE-2012-6130 medium 4.3 12y ago Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
CVE-2010-2491 medium 4.3 16y ago Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
CVE-2004-1444 unknown 1.0 4y ago Roundup Directory traversal vulnerability
CVE-2025-53865 unknown 11mo ago In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
CVE-2024-39124 unknown 2y ago In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
CVE-2024-39126 unknown 2y ago Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
CVE-2024-39125 unknown 2y ago Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
CVE-2009-2737 unknown 4y ago Roundup Improper Access Control
CVE-2008-1474 unknown 4y ago Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
CVE-2008-1475 unknown 4y ago The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) se…
CVE-2012-6133 unknown 4y ago Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to i…
CVE-2019-10904 unknown 7y ago Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.