
Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
|---|---|---|---|---|---|
|  | 1 | 13 | 0 | 78.3% | MEDIUM |

Related CVEs

13
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
|---|---|---|---|---|---|---|
| CVE-2024-39126 | Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | MEDIUM | 5.4 |  | 24.2% | Jul 17, 2024 |
| CVE-2024-39125 | Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | MEDIUM | 5.4 |  | 20.3% | Jul 17, 2024 |
| CVE-2024-39124 | In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | MEDIUM | 5.4 |  | 20.6% | Jul 17, 2024 |
| CVE-2012-6133 | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | MEDIUM | 6.1 |  | 72.0% | Jan 30, 2020 |
| CVE-2019-10904 | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | NONE |  |  | 72.2% | Apr 6, 2019 |
| CVE-2014-6276 | schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details. | NONE |  |  | 71.8% | Apr 13, 2016 |
| CVE-2012-6131 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1. | NONE |  |  | 78.2% | Apr 11, 2014 |
| CVE-2012-6130 | Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link. | NONE |  |  | 78.2% | Apr 11, 2014 |
| CVE-2012-6132 | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter. | NONE |  |  | 76.1% | Apr 10, 2014 |
| CVE-2010-2491 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. | NONE |  |  | 83.0% | Sep 24, 2010 |
| CVE-2008-1474 | Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS). | NONE |  |  | 70.9% | Mar 24, 2008 |
| CVE-2008-1475 | The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods. | NONE |  |  | 75.0% | Mar 24, 2008 |
| CVE-2004-1444 | Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | NONE |  |  | 94.5% | Dec 31, 2004 |