CVE-2012-6130
published 2014-04-11CVE-2012-6130: Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.98%
78.1th percentile
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roundup-tracker | roundup | <= 1.4.19 | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | >= 0 < 1.4.20 | 1.4.20 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Roundup Cross-site Scripting (XSS) vulnerability
ghsa·2022-05-17
CVE-2012-6130 [MEDIUM] CWE-79 Roundup Cross-site Scripting (XSS) vulnerability
Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
OSV
Roundup Cross-site Scripting (XSS) vulnerability
osv·2022-05-17
CVE-2012-6130 [MEDIUM] Roundup Cross-site Scripting (XSS) vulnerability
Roundup Cross-site Scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
OSV
CVE-2012-6130: Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1
osv·2014-04-11
CVE-2012-6130 CVE-2012-6130: Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
No detection rules found.
No public exploits indexed.
http://issues.roundup-tracker.org/issue2550684http://www.openwall.com/lists/oss-security/2012/11/10/2http://www.openwall.com/lists/oss-security/2013/02/13/8https://bugzilla.redhat.com/show_bug.cgi?id=722672https://exchange.xforce.ibmcloud.com/vulnerabilities/84189https://pypi.python.org/pypi/roundup/1.4.20http://issues.roundup-tracker.org/issue2550684http://www.openwall.com/lists/oss-security/2012/11/10/2http://www.openwall.com/lists/oss-security/2013/02/13/8https://bugzilla.redhat.com/show_bug.cgi?id=722672https://exchange.xforce.ibmcloud.com/vulnerabilities/84189https://pypi.python.org/pypi/roundup/1.4.20
2014-04-11
Published