Note:
This project will be discontinued after December 13, 2021. [more]
2014-04-10
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
Products | Roundup |
Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
First patch | - None (likely due to unavailable code) |
Links |
• https://exchange.xforce.ibmcloud.com/vulnerabilities/84191
• http://www.openwall.com/lists/oss-security/2013/02/13/8 • https://bugzilla.redhat.com/show_bug.cgi?id=722672 • http://www.openwall.com/lists/oss-security/2012/11/10/2 |