CVE-2012-6131
Published 2014-04-11
Priority: P419, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.98% (78.1th percentile)
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roundup-tracker | roundup | <= 1.4.19 | — |
| roundup-tracker | roundup | — | — |
| roundup-tracker | roundup | >= 0 < 1.4.20 | 1.4.20 |
GHSA
Roundup Cross-site scripting (XSS) vulnerability
ghsa·2022-05-17
CVE-2012-6131 [MEDIUM] CWE-79 Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in `cgi/client.py` in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the `@action` parameter to `support/issue1`.
OSV
Roundup Cross-site scripting (XSS) vulnerability
osv·2022-05-17
CVE-2012-6131 [MEDIUM] Roundup Cross-site scripting (XSS) vulnerability
Cross-site Scripting (XSS) vulnerability in `cgi/client.py` in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the `@action` parameter to `support/issue1`.
OSV
CVE-2012-6131: Cross-site scripting (XSS) vulnerability in cgi/client
osv·2014-04-11
CVE-2012-6131 CVE-2012-6131: Cross-site scripting (XSS) vulnerability in cgi/client
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
No detection rules found.
No public exploits indexed.
http://issues.roundup-tracker.org/issue2550711
http://www.openwall.com/lists/oss-security/2012/11/10/2
http://www.openwall.com/lists/oss-security/2013/02/13/8
https://bugzilla.redhat.com/show_bug.cgi?id=722672
https://exchange.xforce.ibmcloud.com/vulnerabilities/84190
https://pypi.python.org/pypi/roundup/1.4.20
Published: 2014-04-11