CVE-2012-6131
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0041 (0.4%)
Percentil: 61.1%
EPSS: 2026-05-06
Afecta
roundup-tracker:roundupDescripción técnica
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Publicada: 11/4/2014, 15:55:16
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://issues.roundup-tracker.org/issue2550711
- http://www.openwall.com/lists/oss-security/2012/11/10/2
- http://www.openwall.com/lists/oss-security/2013/02/13/8
- https://bugzilla.redhat.com/show_bug.cgi?id=722672
- https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
- https://pypi.python.org/pypi/roundup/1.4.20
- http://issues.roundup-tracker.org/issue2550711
- http://www.openwall.com/lists/oss-security/2012/11/10/2