CVE-2012-6132 (NVD)

2014-04-10

Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.

Products Roundup
Type Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch - None (likely due to unavailable code)
Links https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
http://www.openwall.com/lists/oss-security/2013/02/13/8
https://bugzilla.redhat.com/show_bug.cgi?id=722672
http://www.openwall.com/lists/oss-security/2012/11/10/2