Download
| Alert*
|
oval:org.secpod.oval:def:602408
roundup is installed oval:org.secpod.oval:def:602402 Ralf Schlatterbeck discovered an information leak in roundup, a web-based issue tracking system. An authenticated attacker could use it to see sensitive details about other users, including their hashed password. After applying the update, which will fix the shipped templates, the site administrator ... oval:org.secpod.oval:def:1901818 Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. |
