Summary: | <www-apps/roundup-1.4.14: XSS (CVE-2010-2491) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Arfrever Frehtes Taifersar Arahesis (RETIRED) <arfrever> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Arfrever Frehtes Taifersar Arahesis (RETIRED)
2010-07-01 03:09:33 UTC
Stabilize www-apps/roundup-1.4.14. x86 stable sparc stable amd64 done Marked ppc stable. XSS in a webapp -> closing noglsa. CVE-2010-2491 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2491): Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program. |