Vulnerabilities > Roundup Tracker > Roundup > 1.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-17 | CVE-2024-39124 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | 5.4 |
| 2024-07-17 | CVE-2024-39125 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | 5.4 |
| 2024-07-17 | CVE-2024-39126 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | 5.4 |
| 2020-01-30 | CVE-2012-6133 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @ok_message or (2) @error_message parameter to issue*. | 6.1 |
| 2016-04-13 | CVE-2014-6276 | Permissions, Privileges, and Access Controls vulnerability in multiple products schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details. | 4.3 |