Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2010-2491

Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.

Related bugs and status

CVE-2010-2491 (Candidate) is related to these bugs:

Bug #612065: Sync roundup 1.4.13-3.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	612065	Sync roundup 1.4.13-3.1 (universe) from Debian unstable (main)		roundup (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://secunia.com/adv...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://sourceforge.net...
MISC: http://bugs.gentoo.org...
MISC: http://issues.roundup-...
MISC: http://roundup.svn.sou...
MISC: http://roundup.svn.sou...
MISC: https://bugzilla.redha...