Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2010-2491

Published: 24/09/2010 Updated: 31/05/2012
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Roundup-tracker

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup prior to 1.4.14 allows remote malicious users to inject arbitrary web script or HTML via the template argument to the /issue program.

Vulnerable Product Search on Vulmon Subscribe to Product

roundup-tracker roundup 0.7.1

roundup-tracker roundup 0.7.4

roundup-tracker roundup 0.7.3

roundup-tracker roundup 0.7.0

roundup-tracker roundup 0.8.4

roundup-tracker roundup 0.8.5

roundup-tracker roundup 0.8.0

roundup-tracker roundup 1.1.2

roundup-tracker roundup 1.1.1

roundup-tracker roundup 1.1.0

roundup-tracker roundup 0.6.11

roundup-tracker roundup 0.5.1

roundup-tracker roundup 0.5.2

roundup-tracker roundup 0.1.1

roundup-tracker roundup 0.1.0

roundup-tracker roundup 0.1.3

roundup-tracker roundup 0.4.0

roundup-tracker roundup 0.3.0

roundup-tracker roundup 0.4.1

roundup-tracker roundup 0.6.0

roundup-tracker roundup 0.6.6

roundup-tracker roundup 0.6.5

roundup-tracker roundup

roundup-tracker roundup 0.7.6

roundup-tracker roundup 0.6.10

roundup-tracker roundup 0.6.9

roundup-tracker roundup 0.8.6

roundup-tracker roundup 0.9.0

roundup-tracker roundup 0.7.11

roundup-tracker roundup 0.7.12

roundup-tracker roundup 1.4.0

roundup-tracker roundup 1.3.3

roundup-tracker roundup 1.3.2

roundup-tracker roundup 1.4.11

roundup-tracker roundup 0.5

roundup-tracker roundup 0.5.7

roundup-tracker roundup 0.5.8

roundup-tracker roundup 0.2.5

roundup-tracker roundup 0.2.2

roundup-tracker roundup 0.2.3

roundup-tracker roundup 0.2.8

roundup-tracker roundup 0.5.0

roundup-tracker roundup 0.4.2

roundup-tracker roundup 1.4.4

roundup-tracker roundup 1.4.5

roundup-tracker roundup 1.4.6

roundup-tracker roundup 1.4.7

roundup-tracker roundup 0.7.8

roundup-tracker roundup 0.7.2

roundup-tracker roundup 0.6.7

roundup-tracker roundup 1.0

roundup-tracker roundup 0.8.2

roundup-tracker roundup 0.8.1

roundup-tracker roundup 0.7.10

roundup-tracker roundup 1.3.0

roundup-tracker roundup 1.2.0

roundup-tracker roundup 0.5.9

roundup-tracker roundup 1.4.1

roundup-tracker roundup 0.5.6

roundup-tracker roundup 0.5.4

roundup-tracker roundup 0.2.1

roundup-tracker roundup 0.2.4

roundup-tracker roundup 0.2.7

roundup-tracker roundup 0.6.1

roundup-tracker roundup 0.6.4

roundup-tracker roundup 1.4.2

roundup-tracker roundup 1.4.9

roundup-tracker roundup 0.7.5

roundup-tracker roundup 0.7.7

roundup-tracker roundup 0.6.8

roundup-tracker roundup 1.0.1

roundup-tracker roundup 0.8.3

roundup-tracker roundup 0.7.9

roundup-tracker roundup 1.3.1

roundup-tracker roundup 1.2.1

roundup-tracker roundup 1.4.10

roundup-tracker roundup 1.4.12

roundup-tracker roundup 0.5.5

roundup-tracker roundup 0.5.3

roundup-tracker roundup 0.1.2

roundup-tracker roundup 0.2.0

roundup-tracker roundup 0.2.6

roundup-tracker roundup 0.6.2

roundup-tracker roundup 0.6.3

roundup-tracker roundup 1.4.3

roundup-tracker roundup 1.4.8

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2010-2491: XSS
Debian Bug report logs - #590769 CVE-2010-2491: XSS Package: roundup; Maintainer for roundup is Kai Storbeck <kai@xs4allnl>; Source for roundup is src:roundup (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Thu, 29 Jul 2010 04:39:01 UTC Severity: grave Tags: security Fixed in version r ...

References

CWE-79http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.htmlhttp://www.securityfocus.com/bid/41326http://bugs.gentoo.org/show_bug.cgi?id=326395https://bugzilla.redhat.com/show_bug.cgi?id=610861http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.htmlhttp://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486http://issues.roundup-tracker.org/issue2550654http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.comhttp://secunia.com/advisories/41585http://www.openwall.com/lists/oss-security/2010/07/02/12http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.htmlhttp://www.openwall.com/lists/oss-security/2010/07/02/3http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486http://secunia.com/advisories/40433https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590769https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook