Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/roundup@0.6.11
Typepypi
Namespace
Nameroundup
Version0.6.11
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.4.5
Latest_non_vulnerable_version2.5.0
Affected_by_vulnerabilities
0
url VCID-1w67-ygzj-fugz
vulnerability_id VCID-1w67-ygzj-fugz
summary schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
references
0
reference_url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
reference_id
reference_type
scores
url http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
1
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2016-33.yaml
2
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
3
reference_url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
reference_id
reference_type
scores
url https://sourceforge.net/p/roundup/code/ci/tip/tree/CHANGES.txt
4
reference_url http://www.debian.org/security/2016/dsa-3502
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3502
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
reference_id CVE-2014-6276
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-6276
6
reference_url https://github.com/advisories/GHSA-j556-q367-2gw6
reference_id GHSA-j556-q367-2gw6
reference_type
scores
url https://github.com/advisories/GHSA-j556-q367-2gw6
fixed_packages
0
url pkg:pypi/roundup@1.5.1
purl pkg:pypi/roundup@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ydc-txfc-pqe6
1
vulnerability VCID-agp7-u68t-abbe
2
vulnerability VCID-be33-dgsb-nycm
3
vulnerability VCID-m8r5-mtwf-cbgm
4
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.5.1
aliases CVE-2014-6276, GHSA-j556-q367-2gw6, PYSEC-2016-33
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1w67-ygzj-fugz
1
url VCID-7kxe-bm1g-eyhe
vulnerability_id VCID-7kxe-bm1g-eyhe
summary Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
references
0
reference_url http://issues.roundup-tracker.org/issue2550711
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550711
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yaml
4
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
5
reference_url https://github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35e
6
reference_url https://github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646
7
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
8
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
9
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6131
reference_id CVE-2012-6131
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6131
11
reference_url https://github.com/advisories/GHSA-gw2q-cgvq-9g3v
reference_id GHSA-gw2q-cgvq-9g3v
reference_type
scores
url https://github.com/advisories/GHSA-gw2q-cgvq-9g3v
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w67-ygzj-fugz
1
vulnerability VCID-9ydc-txfc-pqe6
2
vulnerability VCID-agp7-u68t-abbe
3
vulnerability VCID-be33-dgsb-nycm
4
vulnerability VCID-m8r5-mtwf-cbgm
5
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6131, GHSA-gw2q-cgvq-9g3v, PYSEC-2014-16
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7kxe-bm1g-eyhe
2
url VCID-9qv2-nkkm-53ae
vulnerability_id VCID-9qv2-nkkm-53ae
summary Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
references
0
reference_url http://issues.roundup-tracker.org/issue2550684
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550684
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
2
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84189
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84189
3
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
4
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
5
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w67-ygzj-fugz
1
vulnerability VCID-9ydc-txfc-pqe6
2
vulnerability VCID-agp7-u68t-abbe
3
vulnerability VCID-be33-dgsb-nycm
4
vulnerability VCID-m8r5-mtwf-cbgm
5
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6130, GHSA-mccq-3m7h-fjxg, PYSEC-2014-15
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9qv2-nkkm-53ae
3
url VCID-9ydc-txfc-pqe6
vulnerability_id VCID-9ydc-txfc-pqe6
summary In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2025-69.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2025-69.yaml
1
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
2
reference_url https://github.com/roundup-tracker/roundup/commit/3b1f22f331d4798491bd4746dbaaa6cfbe972952
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/3b1f22f331d4798491bd4746dbaaa6cfbe972952
3
reference_url https://github.com/roundup-tracker/roundup/commit/65ac8f4dcb03a9a36a67c3e98fdf79cbd2a0b3fb
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/65ac8f4dcb03a9a36a67c3e98fdf79cbd2a0b3fb
4
reference_url https://www.roundup-tracker.org/docs/security.html
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/security.html
5
reference_url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
reference_id
reference_type
scores
url https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-53865
reference_id CVE-2025-53865
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-53865
7
reference_url https://github.com/advisories/GHSA-qxh9-qmf2-rhwc
reference_id GHSA-qxh9-qmf2-rhwc
reference_type
scores
url https://github.com/advisories/GHSA-qxh9-qmf2-rhwc
fixed_packages
0
url pkg:pypi/roundup@2.5.0
purl pkg:pypi/roundup@2.5.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.5.0
aliases CVE-2025-53865, GHSA-qxh9-qmf2-rhwc, PYSEC-2025-69
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ydc-txfc-pqe6
4
url VCID-agp7-u68t-abbe
vulnerability_id VCID-agp7-u68t-abbe
summary In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-63.yaml
1
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
2
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
3
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org
4
reference_url https://www.roundup-tracker.org/
reference_id
reference_type
scores
url https://www.roundup-tracker.org/
5
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39124
reference_id CVE-2024-39124
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39124
7
reference_url https://github.com/advisories/GHSA-w8vc-cwv9-wx67
reference_id GHSA-w8vc-cwv9-wx67
reference_type
scores
url https://github.com/advisories/GHSA-w8vc-cwv9-wx67
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ydc-txfc-pqe6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39124, GHSA-w8vc-cwv9-wx67, PYSEC-2024-63
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agp7-u68t-abbe
5
url VCID-be33-dgsb-nycm
vulnerability_id VCID-be33-dgsb-nycm
summary Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
references
0
reference_url https://bugs.python.org/issue36391
reference_id
reference_type
scores
url https://bugs.python.org/issue36391
1
reference_url https://github.com/advisories/GHSA-926q-wxr6-3crq
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-926q-wxr6-3crq
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2019-201.yaml
3
reference_url https://github.com/python/bugs.python.org/issues/34
reference_id
reference_type
scores
url https://github.com/python/bugs.python.org/issues/34
4
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
5
reference_url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/04/msg00009.html
6
reference_url https://pypi.org/project/roundup/2.0.0alpha0
reference_id
reference_type
scores
url https://pypi.org/project/roundup/2.0.0alpha0
7
reference_url https://www.openwall.com/lists/oss-security/2019/04/05/1
reference_id
reference_type
scores
url https://www.openwall.com/lists/oss-security/2019/04/05/1
8
reference_url http://www.openwall.com/lists/oss-security/2019/04/07/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2019/04/07/1
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
reference_id CVE-2019-10904
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10904
fixed_packages
0
url pkg:pypi/roundup@2.0.0a0
purl pkg:pypi/roundup@2.0.0a0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ydc-txfc-pqe6
1
vulnerability VCID-agp7-u68t-abbe
2
vulnerability VCID-be33-dgsb-nycm
3
vulnerability VCID-m8r5-mtwf-cbgm
4
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0a0
1
url pkg:pypi/roundup@2.0.0
purl pkg:pypi/roundup@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ydc-txfc-pqe6
1
vulnerability VCID-agp7-u68t-abbe
2
vulnerability VCID-m8r5-mtwf-cbgm
3
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.0.0
aliases CVE-2019-10904, GHSA-926q-wxr6-3crq, PYSEC-2019-201
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be33-dgsb-nycm
6
url VCID-m8r5-mtwf-cbgm
vulnerability_id VCID-m8r5-mtwf-cbgm
summary Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-65.yaml
1
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
2
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
3
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org
4
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39126
reference_id CVE-2024-39126
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39126
6
reference_url https://github.com/advisories/GHSA-x37x-qf4v-f54f
reference_id GHSA-x37x-qf4v-f54f
reference_type
scores
url https://github.com/advisories/GHSA-x37x-qf4v-f54f
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ydc-txfc-pqe6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39126, GHSA-x37x-qf4v-f54f, PYSEC-2024-65
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m8r5-mtwf-cbgm
7
url VCID-mz57-w4e7-k7gw
vulnerability_id VCID-mz57-w4e7-k7gw
summary Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
references
0
reference_url http://bugs.gentoo.org/show_bug.cgi?id=326395
reference_id
reference_type
scores
url http://bugs.gentoo.org/show_bug.cgi?id=326395
1
reference_url http://issues.roundup-tracker.org/issue2550654
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550654
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
4
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
5
reference_url http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
reference_id
reference_type
scores
url http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
6
reference_url http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
reference_id
reference_type
scores
url http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=610861
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=610861
8
reference_url http://secunia.com/advisories/40433
reference_id
reference_type
scores
url http://secunia.com/advisories/40433
9
reference_url http://secunia.com/advisories/41585
reference_id
reference_type
scores
url http://secunia.com/advisories/41585
10
reference_url http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
reference_id
reference_type
scores
url http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
11
reference_url http://www.openwall.com/lists/oss-security/2010/07/02/12
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2010/07/02/12
12
reference_url http://www.openwall.com/lists/oss-security/2010/07/02/3
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2010/07/02/3
13
reference_url http://www.securityfocus.com/bid/41326
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/41326
fixed_packages
0
url pkg:pypi/roundup@1.4.14
purl pkg:pypi/roundup@1.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w67-ygzj-fugz
1
vulnerability VCID-7kxe-bm1g-eyhe
2
vulnerability VCID-9qv2-nkkm-53ae
3
vulnerability VCID-9ydc-txfc-pqe6
4
vulnerability VCID-agp7-u68t-abbe
5
vulnerability VCID-be33-dgsb-nycm
6
vulnerability VCID-m8r5-mtwf-cbgm
7
vulnerability VCID-rpbj-pyv7-3kag
8
vulnerability VCID-yufw-2bru-h7h1
9
vulnerability VCID-zbqf-gvrf-m3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.14
aliases CVE-2010-2491, GHSA-frgf-rv99-862x, PYSEC-2010-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mz57-w4e7-k7gw
8
url VCID-rpbj-pyv7-3kag
vulnerability_id VCID-rpbj-pyv7-3kag
summary Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
1
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
2
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
3
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w67-ygzj-fugz
1
vulnerability VCID-9ydc-txfc-pqe6
2
vulnerability VCID-agp7-u68t-abbe
3
vulnerability VCID-be33-dgsb-nycm
4
vulnerability VCID-m8r5-mtwf-cbgm
5
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6132, GHSA-5v6q-xqq8-g4xj, PYSEC-2014-96
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rpbj-pyv7-3kag
9
url VCID-v7q2-pt76-qbb4
vulnerability_id VCID-v7q2-pt76-qbb4
summary The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=436546
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=436546
1
reference_url http://secunia.com/advisories/29336
reference_id
reference_type
scores
url http://secunia.com/advisories/29336
2
reference_url http://secunia.com/advisories/29375
reference_id
reference_type
scores
url http://secunia.com/advisories/29375
3
reference_url http://secunia.com/advisories/30274
reference_id
reference_type
scores
url http://secunia.com/advisories/30274
4
reference_url http://secunia.com/advisories/32805
reference_id
reference_type
scores
url http://secunia.com/advisories/32805
5
reference_url http://security.gentoo.org/glsa/glsa-200805-21.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200805-21.xml
6
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/41240
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-10.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-10.yaml
8
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
9
reference_url https://github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/c00b7e5801f8baa246fa76b4aad5287882310189
10
reference_url http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
reference_id
reference_type
scores
url http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
11
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
12
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
13
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00452.html
14
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00478.html
15
reference_url http://www.securityfocus.com/bid/28238
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/28238
16
reference_url http://www.vupen.com/english/advisories/2008/0891
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/0891
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-1475
reference_id CVE-2008-1475
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2008-1475
18
reference_url https://github.com/advisories/GHSA-j59j-h3g7-cpmf
reference_id GHSA-j59j-h3g7-cpmf
reference_type
scores
url https://github.com/advisories/GHSA-j59j-h3g7-cpmf
fixed_packages
0
url pkg:pypi/roundup@1.4.5
purl pkg:pypi/roundup@1.4.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.5
aliases CVE-2008-1475, GHSA-j59j-h3g7-cpmf, PYSEC-2008-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7q2-pt76-qbb4
10
url VCID-vg3s-h9xc-83cx
vulnerability_id VCID-vg3s-h9xc-83cx
summary Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
references
0
reference_url http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup
reference_id
reference_type
scores
url http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=436546
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=436546
2
reference_url http://secunia.com/advisories/29336
reference_id
reference_type
scores
url http://secunia.com/advisories/29336
3
reference_url http://secunia.com/advisories/29375
reference_id
reference_type
scores
url http://secunia.com/advisories/29375
4
reference_url http://secunia.com/advisories/29848
reference_id
reference_type
scores
url http://secunia.com/advisories/29848
5
reference_url http://secunia.com/advisories/30274
reference_id
reference_type
scores
url http://secunia.com/advisories/30274
6
reference_url http://security.gentoo.org/glsa/glsa-200805-21.xml
reference_id
reference_type
scores
url http://security.gentoo.org/glsa/glsa-200805-21.xml
7
reference_url https://exchange.xforce.ibmcloud.com/vulnerabilities/41241
reference_id
reference_type
scores
url https://exchange.xforce.ibmcloud.com/vulnerabilities/41241
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-9.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2008-9.yaml
9
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup
10
reference_url https://github.com/roundup-tracker/roundup/commit/151ffd3367e7af563a92aabb3a8034a0f49063d9
reference_id
reference_type
scores
url https://github.com/roundup-tracker/roundup/commit/151ffd3367e7af563a92aabb3a8034a0f49063d9
11
reference_url https://lists.debian.org/debian-security-announce/2008/msg00125.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-security-announce/2008/msg00125.html
12
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
13
reference_url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
reference_id
reference_type
scores
url https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
14
reference_url http://www.debian.org/security/2008/dsa-1554
reference_id
reference_type
scores
url http://www.debian.org/security/2008/dsa-1554
15
reference_url http://www.securityfocus.com/bid/28239
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/28239
16
reference_url http://www.vupen.com/english/advisories/2008/0891
reference_id
reference_type
scores
url http://www.vupen.com/english/advisories/2008/0891
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2008-1474
reference_id CVE-2008-1474
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2008-1474
18
reference_url https://github.com/advisories/GHSA-c3qv-mf8h-434r
reference_id GHSA-c3qv-mf8h-434r
reference_type
scores
url https://github.com/advisories/GHSA-c3qv-mf8h-434r
fixed_packages
0
url pkg:pypi/roundup@1.4.4
purl pkg:pypi/roundup@1.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w67-ygzj-fugz
1
vulnerability VCID-7kxe-bm1g-eyhe
2
vulnerability VCID-9qv2-nkkm-53ae
3
vulnerability VCID-9ydc-txfc-pqe6
4
vulnerability VCID-agp7-u68t-abbe
5
vulnerability VCID-be33-dgsb-nycm
6
vulnerability VCID-m8r5-mtwf-cbgm
7
vulnerability VCID-mz57-w4e7-k7gw
8
vulnerability VCID-rpbj-pyv7-3kag
9
vulnerability VCID-v7q2-pt76-qbb4
10
vulnerability VCID-yufw-2bru-h7h1
11
vulnerability VCID-zbqf-gvrf-m3fs
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.4
aliases CVE-2008-1474, GHSA-c3qv-mf8h-434r, PYSEC-2008-9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vg3s-h9xc-83cx
11
url VCID-yufw-2bru-h7h1
vulnerability_id VCID-yufw-2bru-h7h1
summary Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
references
0
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yaml
1
reference_url https://github.com/roundup-tracker/roundup
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup
2
reference_url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
3
reference_url https://www.roundup-tracker.org
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org
4
reference_url https://www.roundup-tracker.org/docs/security.html#cve-announcements
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.roundup-tracker.org/docs/security.html#cve-announcements
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39125
reference_id CVE-2024-39125
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39125
6
reference_url https://github.com/advisories/GHSA-xjgw-ghrx-wfff
reference_id GHSA-xjgw-ghrx-wfff
reference_type
scores
url https://github.com/advisories/GHSA-xjgw-ghrx-wfff
fixed_packages
0
url pkg:pypi/roundup@2.4.0
purl pkg:pypi/roundup@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9ydc-txfc-pqe6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@2.4.0
aliases CVE-2024-39125, GHSA-xjgw-ghrx-wfff, PYSEC-2024-64
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yufw-2bru-h7h1
12
url VCID-zbqf-gvrf-m3fs
vulnerability_id VCID-zbqf-gvrf-m3fs
summary Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*.
references
0
reference_url http://issues.roundup-tracker.org/issue2550724
reference_id
reference_type
scores
url http://issues.roundup-tracker.org/issue2550724
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=722672
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=722672
2
reference_url https://github.com/advisories/GHSA-5jq3-8437-x35p
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-5jq3-8437-x35p
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2020-212.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2020-212.yaml
4
reference_url https://pypi.python.org/pypi/roundup/1.4.20
reference_id
reference_type
scores
url https://pypi.python.org/pypi/roundup/1.4.20
5
reference_url http://www.openwall.com/lists/oss-security/2012/11/10/2
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/11/10/2
6
reference_url http://www.openwall.com/lists/oss-security/2013/02/13/8
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2013/02/13/8
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6133
reference_id CVE-2012-6133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6133
fixed_packages
0
url pkg:pypi/roundup@1.4.20
purl pkg:pypi/roundup@1.4.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1w67-ygzj-fugz
1
vulnerability VCID-9ydc-txfc-pqe6
2
vulnerability VCID-agp7-u68t-abbe
3
vulnerability VCID-be33-dgsb-nycm
4
vulnerability VCID-m8r5-mtwf-cbgm
5
vulnerability VCID-yufw-2bru-h7h1
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/roundup@1.4.20
aliases CVE-2012-6133, GHSA-5jq3-8437-x35p, PYSEC-2020-212
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbqf-gvrf-m3fs
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/roundup@0.6.11