GitHub Advisory DatabaseGHSA-GW2Q-CGVQ-9G3VRoundup Cross-site scripting (XSS) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
65.1%
Cross-site Scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Affected configurations
References
issues.roundup-tracker.org/issue2550711
www.openwall.com/lists/oss-security/2012/11/10/2
www.openwall.com/lists/oss-security/2013/02/13/8
bugzilla.redhat.com/show_bug.cgi?id=722672
exchange.xforce.ibmcloud.com/vulnerabilities/84190
github.com/advisories/GHSA-gw2q-cgvq-9g3v
github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
nvd.nist.gov/vuln/detail/CVE-2012-6131
pypi.python.org/pypi/roundup/1.4.20
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
65.1%