Roundup
CVE-2012-6132
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
AnalysisAI
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Affected products include: Roundup-Tracker Roundup. Version information: before 1.4.20.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. R
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. Rated medium severity (CVSS 5.4), this vu
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. Rated medium severity (CVSS 5.4), this v
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. Rated medium severity (CVSS 5.4), this vulnerabili
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arb
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inje
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might a
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today