2014-04-11
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Products | Roundup |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links |
• http://issues.roundup-tracker.org/issue2550711
• http://www.openwall.com/lists/oss-security/2013/02/13/8
• https://pypi.python.org/pypi/roundup/1.4.20
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
• https://bugzilla.redhat.com/show_bug.cgi?id=722672 |