CVE-2010-2491

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.
References
Link Resource
http://bugs.gentoo.org/show_bug.cgi?id=326395
http://issues.roundup-tracker.org/issue2550654
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
http://secunia.com/advisories/40433 Vendor Advisory
http://secunia.com/advisories/41585 Vendor Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
http://www.openwall.com/lists/oss-security/2010/07/02/12
http://www.openwall.com/lists/oss-security/2010/07/02/3
http://www.securityfocus.com/bid/41326
https://bugzilla.redhat.com/show_bug.cgi?id=610861
http://bugs.gentoo.org/show_bug.cgi?id=326395
http://issues.roundup-tracker.org/issue2550654
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html
http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486
http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
http://secunia.com/advisories/40433 Vendor Advisory
http://secunia.com/advisories/41585 Vendor Advisory
http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com
http://www.openwall.com/lists/oss-security/2010/07/02/12
http://www.openwall.com/lists/oss-security/2010/07/02/3
http://www.securityfocus.com/bid/41326
https://bugzilla.redhat.com/show_bug.cgi?id=610861
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.3.0:pre3:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.4.2:pr1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:beta2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.0:pr1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.8:stable:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.5.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b3:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.0:b4:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.10:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.6.11:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.0:b3:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.10:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.11:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.7.12:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.0:b2:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.8.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:0.9.0:b1:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.7:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.8:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.9:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.10:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.11:*:*:*:*:*:*:*
cpe:2.3:a:roundup-tracker:roundup:1.4.12:*:*:*:*:*:*:*

History

21 Nov 2024, 01:16

Type Values Removed Values Added
References () http://bugs.gentoo.org/show_bug.cgi?id=326395 - () http://bugs.gentoo.org/show_bug.cgi?id=326395 -
References () http://issues.roundup-tracker.org/issue2550654 - () http://issues.roundup-tracker.org/issue2550654 -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048018.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048061.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-September/048221.html -
References () http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486 - () http://roundup.svn.sourceforge.net/viewvc/roundup/roundup/trunk/roundup/cgi/client.py?r1=4486&r2=4485&pathrev=4486 -
References () http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486 - () http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486 -
References () http://secunia.com/advisories/40433 - Vendor Advisory () http://secunia.com/advisories/40433 - Vendor Advisory
References () http://secunia.com/advisories/41585 - Vendor Advisory () http://secunia.com/advisories/41585 - Vendor Advisory
References () http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com - () http://sourceforge.net/mailarchive/message.php?msg_name=AANLkTimIYtyRzTAReGmTSCEqPYBvwkkxrP6YKrdVm_nU%40mail.gmail.com -
References () http://www.openwall.com/lists/oss-security/2010/07/02/12 - () http://www.openwall.com/lists/oss-security/2010/07/02/12 -
References () http://www.openwall.com/lists/oss-security/2010/07/02/3 - () http://www.openwall.com/lists/oss-security/2010/07/02/3 -
References () http://www.securityfocus.com/bid/41326 - () http://www.securityfocus.com/bid/41326 -
References () https://bugzilla.redhat.com/show_bug.cgi?id=610861 - () https://bugzilla.redhat.com/show_bug.cgi?id=610861 -

Information

Published : 2010-09-24 19:00

Updated : 2024-11-21 01:16


NVD link : CVE-2010-2491

Mitre link : CVE-2010-2491

CVE.ORG link : CVE-2010-2491


JSON object : View

Products Affected

roundup-tracker

  • roundup
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')