Moderate severityNVD Advisory· Published Apr 11, 2014· Updated Jun 16, 2026
CVE-2012-6131
CVE-2012-6131
Description
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
roundupPyPI | < 1.4.20 | 1.4.20 |
Affected products
21cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*+ 19 more
- cpe:2.3:a:roundup-tracker:roundup:*:*:*:*:*:*:*:*range: <=1.4.19
- cpe:2.3:a:roundup-tracker:roundup:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.17:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.18:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:roundup-tracker:roundup:1.4.9:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
11- pypi.python.org/pypi/roundup/1.4.20nvdPatchWEB
- github.com/advisories/GHSA-gw2q-cgvq-9g3vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-6131ghsaADVISORY
- issues.roundup-tracker.org/issue2550711nvdWEB
- www.openwall.com/lists/oss-security/2012/11/10/2nvdWEB
- www.openwall.com/lists/oss-security/2013/02/13/8nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/84190nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2014-16.yamlghsaWEB
- github.com/roundup-tracker/roundup/commit/38193cc7d93567e04dae71cf526427473685d35eghsaWEB
- github.com/roundup-tracker/roundup/commit/ea29de37416f5b2126b3249cdd6bf12e5098c646ghsaWEB
News mentions
0No linked articles in our index yet.