Latest version: v2.4.0
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2024-39125 | 72257 | Roundup affected versions allow XSS via a SCRIPT element in an HTTP R… | | MEDIUM | 5.4 |
CVE-2024-39124 | 72259 | In affected versions of Roundup, classhelpers (_generic.help.html) al… | | MEDIUM | 5.4 |
CVE-2024-39126 | 72258 | Roundup affected versions allow XSS via JavaScript in PDF, XML, and S… | | MEDIUM | 5.4 |
PVE-2023-58862 | 58862 | Roundup 2.3.0b2 stops adding 'Access-Control-Allow-Credentials' heade… | | - | - |
CVE-2011-4969 | 58898 | Roundup 2.1.0b1 updates its dependency 'jquery' to v3.5.1 to include … | | MEDIUM | 4.3 |
CVE-2019-11358 | 58863 | Roundup 2.1.0b1 updates its dependency 'jquery' to v3.5.1 to include … | | MEDIUM | 6.1 |
CVE-2012-6708 | 58897 | Roundup 2.1.0b1 updates its dependency 'jquery' to v3.5.1 to include … | | MEDIUM | 6.1 |
PVE-2023-58899 | 58899 | Roundup 2.1.0b1 includes a fix for a timing attack vulnerability. ht… | | - | - |
CVE-2020-7656 | 58895 | Roundup 2.1.0b1 updates its dependency 'jquery' to v3.5.1 to include … | | MEDIUM | 6.1 |
CVE-2015-9251 | 58896 | Roundup 2.1.0b1 updates its dependency 'jquery' to v3.5.1 to include … | | MEDIUM | 6.1 |
PVE-2023-58894 | 58894 | Roundup 1.6.0 includes a security fix: XSS on 404 page. https://issu… | | - | - |
PVE-2023-58866 | 58866 | Roundup 1.6.0 includes a security fix: Inadequate CSRF protection. h… | | - | - |
CVE-2019-10904 | 37025 | Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and … | | MEDIUM | 6.1 |
PVE-2023-58867 | 58867 | Roundup 1.5.1 includes a fix for a XSS vulnerability. https://issues… | | - | - |
PVE-2023-58893 | 58893 | Roundup 1.5.1 includes a security fix: HTML attachments should not be… | | - | - |
PVE-2023-58872 | 58872 | Roundup 1.4.7 disables serving uploaded HTML files content as HTML by… | | - | - |
PVE-2023-58890 | 58890 | Roundup 1.4.7 fixes improper permissions vulnerabilities. https://gi… | | - | - |
CVE-2012-6133 | 37744 | Multiple cross-site scripting (XSS) vulnerabilities in Roundup before… | | MEDIUM | 6.1 |
CVE-2012-6130 | 33162 | Cross-site scripting (XSS) vulnerability in the history display in Ro… | | MEDIUM | 4.3 |
CVE-2012-6131 | 33163 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup … | | MEDIUM | 4.3 |
PVE-2023-58870 | 58870 | Roundup 1.4.17 includes a security fix: An user which didn't have acc… | | - | - |
PVE-2023-58892 | 58892 | Roundup 1.4.17 includes a fix for an unsafe password handling vulnera… | | - | - |
PVE-2023-58891 | 58891 | Roundup 1.4.11 includes a fix for a privileges escalation vulnerabili… | | - | - |
PVE-2023-58871 | 58871 | Roundup 1.4.11 includes a security fix: If user hasn't permission on … | | - | - |
CVE-2004-1444 | 61226 | Directory traversal vulnerability in Roundup 0.6.4 and earlier allows… | | MEDIUM | 5.0 |
PVE-2023-58882 | 58882 | Roundup 0.6.0b4 includes a fix for a XSS vulnerability. https://gith… | | - | - |
CVE-2014-6276 | 54086 | schema.py in Roundup before 1.5.1 does not properly limit attributes … | | MEDIUM | 4.3 |
CVE-2008-1475 | 54035 | The xml-rpc server in Roundup 1.4.4 does not check property permissio… | | MEDIUM | 6.4 |
CVE-2008-1474 | 54034 | Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unk… | | MEDIUM | 4.3 |
CVE-2012-6132 | 54079 | Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 all… | | MEDIUM | 4.3 |
CVE-2010-2491 | 54052 | Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup … | | MEDIUM | 4.3 |