Skip to main content

Roundup

8 CVEs product

Monthly

CVE-2024-39126 PyPI MEDIUM PATCH This Month

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39125 PyPI MEDIUM PATCH This Month

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-39124 PyPI MEDIUM PATCH This Month

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2019-10904 PyPI MEDIUM POC PATCH This Month

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Debian Linux Roundup
NVD GitHub
CVSS 3.0
6.1
EPSS
1.6%
CVE-2014-6276 PyPI MEDIUM PATCH This Month

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Roundup Debian Linux
NVD
CVSS 3.0
4.3
EPSS
0.1%
CVE-2012-6131 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6130 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.4%
CVE-2012-6132 PyPI MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Roundup
NVD
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Debian Linux Roundup
NVD GitHub
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Roundup Debian Linux
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Roundup
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy