*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: roundup

References:
DSA-1554-1 (http://www.debian.org/security/2008/dsa-1554)

Quoting DSA-1554-1:
"Roundup, an issue tracking system, fails to properly escape HTML input,
allowing an attacker to inject client-side code (typically JavaScript)
into a document that may be viewed in the victim's browser."

Quoting CVE-2008-1474:
"Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown 
impact and attack vectors, some of which may be related to cross-site scripting 
(XSS)."

** Affects: roundup (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: roundup (Debian)
     Importance: Unknown
         Status: Fix Released

** Visibility changed to: Public

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1474

** Bug watch added: Debian Bug tracker #472643
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472643

** Also affects: roundup (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=472643
   Importance: Unknown
       Status: Unknown

-- 
[roundup] [CVE-2008-1474] cross-site scripting vulnerability
https://bugs.launchpad.net/bugs/227276
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
