PT-2019-12082 · Roundup · Roundup

Hanno Böck

Published

2019-04-06

Updated

2019-04-09

CVE-2019-10904

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Roundup version 1.6

Description The issue allows for XSS via the URI due to mishandling of 404 errors by frontends/roundup.cgi and roundup/cgi/wsgi handler.py.

Recommendations For Roundup version 1.6, consider updating to a newer version that addresses this issue, or as a temporary workaround, restrict access to the vulnerable frontend and backend scripts to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-10904

DLA-1750-1

GHSA-926Q-WXR6-3CRQ

PYSEC-2019-201

Affected Products

Roundup

PT-2019-12082 · Roundup · Roundup

CVE-2019-10904

Weakness Enumeration

Related Identifiers

Affected Products

References · 19