MidnightBSD

Advisories for roundup-tracker

CVE-2004-1444 MEDIUM

Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
roundup-tracker roundup 0.2.7
roundup-tracker roundup 0.4.1
roundup-tracker roundup *
roundup-tracker roundup 0.2.2
roundup-tracker roundup 0.2.3
roundup-tracker roundup 0.5.3
roundup-tracker roundup 0.1.1
roundup-tracker roundup 0.3.0
roundup-tracker roundup 0.5.4
roundup-tracker roundup 0.2.1
roundup-tracker roundup 0.5.6
roundup-tracker roundup 0.2.4
roundup-tracker roundup 0.5.2
roundup-tracker roundup 0.6.3
roundup-tracker roundup 0.2.6
roundup-tracker roundup 0.5.0
roundup-tracker roundup 0.6.0
roundup-tracker roundup 0.2.0
roundup-tracker roundup 0.1.3
roundup-tracker roundup 0.4.2
roundup-tracker roundup 0.2.8
roundup-tracker roundup 0.4.0
roundup-tracker roundup 0.1.0
roundup-tracker roundup 0.6.2
roundup-tracker roundup 0.5.7
roundup-tracker roundup 0.6.1
roundup-tracker roundup 0.5.1
roundup-tracker roundup 0.5.5
roundup-tracker roundup 0.5
roundup-tracker roundup 0.5.8
roundup-tracker roundup 0.2.5
roundup-tracker roundup 0.5.9
roundup-tracker roundup 0.1.2
CVE-2010-2491 MEDIUM

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
roundup-tracker roundup 0.4.1
roundup-tracker roundup 1.3.3
roundup-tracker roundup 1.4.6
roundup-tracker roundup *
roundup-tracker roundup 1.2.1
roundup-tracker roundup 0.2.2
roundup-tracker roundup 0.6.5
roundup-tracker roundup 1.2.0
roundup-tracker roundup 1.4.0
roundup-tracker roundup 0.3.0
roundup-tracker roundup 1.1.0
roundup-tracker roundup 0.9.0
roundup-tracker roundup 0.6.6
roundup-tracker roundup 0.5.4
roundup-tracker roundup 0.2.1
roundup-tracker roundup 1.4.7
roundup-tracker roundup 0.5.6
roundup-tracker roundup 0.5.2
roundup-tracker roundup 0.6.3
roundup-tracker roundup 0.2.0
roundup-tracker roundup 0.8.0
roundup-tracker roundup 0.1.3
roundup-tracker roundup 0.8.2
roundup-tracker roundup 1.4.4
roundup-tracker roundup 0.7.9
roundup-tracker roundup 0.6.2
roundup-tracker roundup 0.5.7
roundup-tracker roundup 0.8.6
roundup-tracker roundup 0.5.1
roundup-tracker roundup 0.5.8
roundup-tracker roundup 0.7.2
roundup-tracker roundup 0.8.5
roundup-tracker roundup 0.7.4
roundup-tracker roundup 1.1.2
roundup-tracker roundup 1.0
roundup-tracker roundup 1.4.5
roundup-tracker roundup 1.4.12
roundup-tracker roundup 1.4.11
roundup-tracker roundup 0.7.6
roundup-tracker roundup 0.1.2
roundup-tracker roundup 0.8.4
roundup-tracker roundup 0.2.7
roundup-tracker roundup 0.7.0
roundup-tracker roundup 0.6.10
roundup-tracker roundup 0.7.1
roundup-tracker roundup 0.2.3
roundup-tracker roundup 0.5.3
roundup-tracker roundup 1.4.9
roundup-tracker roundup 0.1.1
roundup-tracker roundup 0.7.7
roundup-tracker roundup 1.4.2
roundup-tracker roundup 1.4.1
roundup-tracker roundup 0.7.5
roundup-tracker roundup 1.1.1
roundup-tracker roundup 1.4.8
roundup-tracker roundup 0.6.9
roundup-tracker roundup 1.3.0
roundup-tracker roundup 0.2.4
roundup-tracker roundup 0.2.6
roundup-tracker roundup 0.8.3
roundup-tracker roundup 1.0.1
roundup-tracker roundup 0.5.0
roundup-tracker roundup 1.3.2
roundup-tracker roundup 0.6.0
roundup-tracker roundup 0.7.11
roundup-tracker roundup 0.7.3
roundup-tracker roundup 0.7.8
roundup-tracker roundup 1.3.1
roundup-tracker roundup 0.4.2
roundup-tracker roundup 0.6.7
roundup-tracker roundup 0.2.8
roundup-tracker roundup 0.4.0
roundup-tracker roundup 1.4.10
roundup-tracker roundup 0.1.0
roundup-tracker roundup 0.6.1
roundup-tracker roundup 1.4.3
roundup-tracker roundup 0.5.5
roundup-tracker roundup 0.5
roundup-tracker roundup 0.7.10
roundup-tracker roundup 0.6.4
roundup-tracker roundup 0.6.8
roundup-tracker roundup 0.6.11
roundup-tracker roundup 0.7.12
roundup-tracker roundup 0.2.5
roundup-tracker roundup 0.5.9
roundup-tracker roundup 0.8.1
CVE-2012-6130 MEDIUM

Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
roundup-tracker roundup 1.4.6
roundup-tracker roundup 1.4.14
roundup-tracker roundup *
roundup-tracker roundup 1.4.4
roundup-tracker roundup 1.4.15
roundup-tracker roundup 1.4.9
roundup-tracker roundup 1.4.10
roundup-tracker roundup 1.4.0
roundup-tracker roundup 1.4.17
roundup-tracker roundup 1.4.3
roundup-tracker roundup 1.4.18
roundup-tracker roundup 1.4.2
roundup-tracker roundup 1.4.1
roundup-tracker roundup 1.4.8
roundup-tracker roundup 1.4.16
roundup-tracker roundup 1.4.5
roundup-tracker roundup 1.4.7
roundup-tracker roundup 1.4.13
roundup-tracker roundup 1.4.12
roundup-tracker roundup 1.4.11
CVE-2012-6131 MEDIUM

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
roundup-tracker roundup 1.4.6
roundup-tracker roundup 1.4.14
roundup-tracker roundup *
roundup-tracker roundup 1.4.4
roundup-tracker roundup 1.4.15
roundup-tracker roundup 1.4.9
roundup-tracker roundup 1.4.10
roundup-tracker roundup 1.4.0
roundup-tracker roundup 1.4.17
roundup-tracker roundup 1.4.3
roundup-tracker roundup 1.4.18
roundup-tracker roundup 1.4.2
roundup-tracker roundup 1.4.1
roundup-tracker roundup 1.4.8
roundup-tracker roundup 1.4.16
roundup-tracker roundup 1.4.5
roundup-tracker roundup 1.4.7
roundup-tracker roundup 1.4.13
roundup-tracker roundup 1.4.12
roundup-tracker roundup 1.4.11
CVE-2012-6132 MEDIUM

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
roundup-tracker roundup 1.4.6
roundup-tracker roundup 1.4.14
roundup-tracker roundup *
roundup-tracker roundup 1.4.4
roundup-tracker roundup 1.4.15
roundup-tracker roundup 1.4.9
roundup-tracker roundup 1.4.10
roundup-tracker roundup 1.4.0
roundup-tracker roundup 1.4.17
roundup-tracker roundup 1.4.3
roundup-tracker roundup 1.4.18
roundup-tracker roundup 1.4.2
roundup-tracker roundup 1.4.1
roundup-tracker roundup 1.4.8
roundup-tracker roundup 1.4.16
roundup-tracker roundup 1.4.5
roundup-tracker roundup 1.4.7
roundup-tracker roundup 1.4.13
roundup-tracker roundup 1.4.12
roundup-tracker roundup 1.4.11
CVE-2012-6133 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
roundup-tracker roundup *
CVE-2014-6276 MEDIUM

schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
roundup-tracker roundup *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2019-10904 MEDIUM

Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
roundup-tracker roundup 1.6
debian debian_linux 8.0
CVE-2024-39124

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

Products Affected

Vendor Product Version
roundup-tracker roundup *
CVE-2024-39125

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

Products Affected

Vendor Product Version
roundup-tracker roundup *
CVE-2024-39126

Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.

Products Affected

Vendor Product Version
roundup-tracker roundup *