Required CVE Record Information
Description
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
References 6 Total
- https://bugzilla.redhat.com/show_bug.cgi?id=722672
- https://pypi.python.org/pypi/roundup/1.4.20
- openwall.com: [oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version mailing-list
- openwall.com: [oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version mailing-list
- exchange.xforce.ibmcloud.com: roundup-cve20126131-action-xss(84190) vdb-entry
- http://issues.roundup-tracker.org/issue2550711
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 6 Total
- https://bugzilla.redhat.com/show_bug.cgi?id=722672 x_transferred
- https://pypi.python.org/pypi/roundup/1.4.20 x_transferred
- openwall.com: [oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version mailing-listx_transferred
- openwall.com: [oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version mailing-listx_transferred
- exchange.xforce.ibmcloud.com: roundup-cve20126131-action-xss(84190) vdb-entryx_transferred
- http://issues.roundup-tracker.org/issue2550711 x_transferred