GHSA-frgf-rv99-862x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-frgf-rv99-862x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-frgf-rv99-862x/GHSA-frgf-rv99-862x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-frgf-rv99-862x
- Aliases
-
- CVE-2010-2491
- PYSEC-2010-31
- Published
- 2022-05-17T05:28:58Z
- Modified
- 2024-10-26T23:02:16.335715Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N CVSS Calculator
- Summary
- Roundup Cross-site Scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in
cgi/client.pyin Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. - Database specific
{ "github_reviewed_at": "2024-05-01T11:16:54Z", "severity": "MODERATE", "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "nvd_published_at": "2010-09-24T19:00:00Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2010-2491
- https://github.com/roundup-tracker/roundup/commit/dcef024bae8f63d290454250767a377eb0e1647b
- https://bugzilla.redhat.com/show_bug.cgi?id=610861
- https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2010-31.yaml
- https://github.com/roundup-tracker/roundup
- https://web.archive.org/web/20111225190151/http://secunia.com/advisories/41585
- https://web.archive.org/web/20140725071254/http://secunia.com/advisories/40433
- https://web.archive.org/web/20200228183400/http://www.securityfocus.com/bid/41326
- http://bugs.gentoo.org/show_bug.cgi?id=326395
- http://issues.roundup-tracker.org/issue2550654
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
- http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
- http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
- http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
- http://www.openwall.com/lists/oss-security/2010/07/02/12
- http://www.openwall.com/lists/oss-security/2010/07/02/3
Affected packages
PyPI / roundup
Package
- Name
- roundup
- View open source insights on deps.dev
- Purl
- pkg:pypi/roundup
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.14
Affected versions
0.*
0.5.9
0.6.8
0.6.9
0.6.11
0.7.0b3
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.7
0.7.8
0.7.9
0.7.11
0.7.12
0.8.0b1
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.9.0b1
1.*
1.0
1.0.1
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.3.0
1.3.1
1.3.2
1.3.3
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5.1
1.4.6
1.4.7
1.4.8
1.4.9
1.4.10
1.4.11
1.4.12
1.4.13