CVE-2008-1474

Related Files

Gentoo Linux Security Advisory 200805-21

Posted May 27, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-21 - Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474). Versions less than 1.4.4-r1 are affected.

tags | advisory, vulnerability, xss

systems | linux, gentoo

advisories | CVE-2008-1474, CVE-2008-1475

SHA-256 | 39ae83bf9673c0b6e7ed914ca54a6bdb2a9e16d294460c89757b65f44081cc7b

Download | Favorite | View

Debian Linux Security Advisory 1554-2

Posted May 6, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1554-2 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.

tags | advisory, javascript

systems | linux, debian

advisories | CVE-2008-1474

SHA-256 | 0ef704e318012ae33ddede7c481143695b8612593320b046f15e1c3de646d7f9

Download | Favorite | View

Debian Linux Security Advisory 1554-1

Posted Apr 23, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1554-1 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.

tags | advisory, javascript

systems | linux, debian

advisories | CVE-2008-1474

SHA-256 | 8890ad167551dccfe911cc93b3561f8bce5a0af820c5c05f61dd5edddef1f150

Download | Favorite | View