Roundup-tracker Roundup — known CVE vulnerabilities
Every CVE whose affected-product data names Roundup-tracker Roundup, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (13)
CVE-2008-1475 — CVSS 6.4 (medium): The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read…
CVE-2012-6133 — CVSS 6.1 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML…
CVE-2019-10904 — CVSS 6.1 (medium): Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors.
CVE-2004-1444 — CVSS 5.0 (medium): Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences…
CVE-2012-6132 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2014-6276 — CVSS 4.3 (medium): schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote…
CVE-2012-6131 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script…
CVE-2012-6130 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web…
CVE-2010-2491 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script…
CVE-2008-1474 — CVSS 4.3 (medium): Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to…