Roundup-Tracker: >> Roundup >> 1.4.20 Security Vulnerabilities
In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-17
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-17
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.
CVSS Score
5.4
EPSS Score
0.002
Published
2024-07-17
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing user details.
CVSS Score
4.3
EPSS Score
0.002
Published
2016-04-13