PT-2008-1029 · Roundup · Roundup

Published: 2008-03-24 · Updated: 2022-05-01 · CVE-2008-1474

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

Roundup versions prior to 1.4.4

Description

The issue concerns multiple unspecified vulnerabilities in the Roundup package that can be exploited remotely. These vulnerabilities may lead to a breach of the integrity of protected information. Some of the vulnerabilities might be related to cross-site scripting (XSS), a type of attack in which an attacker injects malicious code into a website, allowing them to steal user data or take control of the user's session.

Recommendations

For versions prior to 1.4.4, update to version 1.4.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Roundup package to minimize the risk of exploitation. Avoid using the Roundup package for sensitive operations until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2015-02584
CVE-2008-1474
DSA-1554-1
GHSA-C3QV-MF8H-434R
PYSEC-2008-9

Affected Products

Roundup