CVE-2008-1474
published 2008-03-24
CVE-2008-1474: Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
Priority P4 · 13 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
1.49%
70.8th percentile
Affected
77 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roundup-tracker | roundup | <= 1.4.3 | — |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 4.3 · MEDIUM
GHSA
Roundup vulnerability related to Cross-site scripting (XSS)
ghsa·2022-05-01
CVE-2008-1474 [MEDIUM] CWE-79 Roundup vulnerability related to Cross-site scripting (XSS)
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
OSV
Roundup vulnerability related to Cross-site scripting (XSS)
osv·2022-05-01
CVE-2008-1474 [MEDIUM] Roundup vulnerability related to Cross-site scripting (XSS)
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
OSV
CVE-2008-1474: Multiple unspecified vulnerabilities in Roundup before 1
osv·2008-03-24
CVE-2008-1474 CVE-2008-1474: Multiple unspecified vulnerabilities in Roundup before 1
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
Red Hat
Roundup 1.4.4 contains security fixes
vendor_redhat·CVSS 4.3
CVE-2008-1474 [MEDIUM] Roundup 1.4.4 contains security fixes
Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2008-1475 roundup: xmlrpc-server not checking property permissions
bugzilla·2008-06-06·CVSS 4.3
CVE-2008-1475 [MEDIUM] CVE-2008-1475 roundup: xmlrpc-server not checking property permissions
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-1475 to the following vulnerability:
The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the (1) list, (2) display, and (3) set methods.
Upstream bug report:
http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
Additional references:
http://www.securityfocus.com/bid/28238
http://www.frsirt.com/english/advisories/2008/0891
http://secunia.com/advisories/29336
http://xforce.iss.net/xforce/xfdb/41240
Discussion:
CVE description also references our bug for CVE-2008-1474 (bug #436546) and
Fedora updates t
Bugzilla
CVE-2008-1474 Roundup 1.4.4 contains security fixes
bugzilla·2008-03-07·CVSS 4.3
CVE-2008-1474 [MEDIUM] CVE-2008-1474 Roundup 1.4.4 contains security fixes
1.) First one is this:
http://sourceforge.net/tracker/index.php?func=detail&aid=1907211&group_id=31577&atid=402788
The ticket more-or-less describes the fix
The pertinent changes are these:
http://sourceforge.net/mailarchive/forum.php?thread_name=E1JXR7v-0000BC-C0%40sc8-pr-cvs9.sourceforge.net&forum_name=roundup-checkins
http://sourceforge.net/mailarchive/forum.php?thread_name=E1JXR7v-0000B9-5n%40sc8-pr-cvs9.sourceforge.net&forum_name=roundup-checkins
http://sourceforge.net/mailarchive/forum.php?thread_name=E1JXR7v-0000B8-5X%40sc8-pr-cvs9.sourceforge.net&forum_name=roundup-checkins
2.) And second one will probably need some more thinking; all upstream says is
"security fix"
Documentation:
http://sourceforge.net/mailarchive/forum.ph
http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup
http://secunia.com/advisories/29336
http://secunia.com/advisories/29375
http://secunia.com/advisories/29848
http://secunia.com/advisories/30274
http://security.gentoo.org/glsa/glsa-200805-21.xml
http://www.debian.org/security/2008/dsa-1554
http://www.securityfocus.com/bid/28239
http://www.vupen.com/english/advisories/2008/0891
https://bugzilla.redhat.com/show_bug.cgi?id=436546
https://exchange.xforce.ibmcloud.com/vulnerabilities/41241
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html
https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html
Published: 2008-03-24