Gentoo Linux Security Advisory GLSA 200805-21 - Philipp Gortan reported that the xml-rpc server in Roundup does not check property permissions (CVE-2008-1475). Furthermore, Roland Meister discovered multiple vulnerabilities caused by unspecified errors, some of which may be related to cross-site scripting (CVE-2008-1474). Versions less than 1.4.4-r1 are affected.
39ae83bf9673c0b6e7ed914ca54a6bdb2a9e16d294460c89757b65f44081cc7b
Debian Security Advisory 1554-2 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
0ef704e318012ae33ddede7c481143695b8612593320b046f15e1c3de646d7f9
Debian Security Advisory 1554-1 - Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser.
8890ad167551dccfe911cc93b3561f8bce5a0af820c5c05f61dd5edddef1f150