Roundup-Tracker Roundup 1.0

CPE Details

Roundup-Tracker Roundup 1.0
roundup-tracker
roundup
1.0
2012-05-31
16h36 +00:00
2012-05-31
16h36 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:roundup-tracker:roundup:1.0:*:*:*:*:*:*:*

Informations

Vendor

roundup-tracker

Product

roundup

Version

1.0

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-39125 2024-07-17 00h00 +00:00 Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
5.4
Moyen
CVE-2024-39126 2024-07-17 00h00 +00:00 Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
5.4
Moyen
CVE-2024-39124 2024-07-16 22h00 +00:00 In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
6.1
Moyen
CVE-2012-6133 2020-01-30 19h22 +00:00 Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
6.1
Moyen
CVE-2014-6276 2016-04-13 12h00 +00:00 schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
4.3
Moyen
CVE-2012-6130 2014-04-11 13h00 +00:00 Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
4.3
CVE-2012-6131 2014-04-11 13h00 +00:00 Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
4.3
CVE-2012-6132 2014-04-10 17h00 +00:00 Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
4.3
CVE-2010-2491 2010-09-24 18h00 +00:00 Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
4.3
CVE-2008-1474 2008-03-24 21h00 +00:00 Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
4.3
CVE-2008-1475 2008-03-24 21h00 +00:00 The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
6.4
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.