Description
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-53865
- https://github.com/roundup-tracker/roundup/commit/3b1f22f331d4798491bd4746dbaaa6cfbe972952
- https://github.com/roundup-tracker/roundup/commit/65ac8f4dcb03a9a36a67c3e98fdf79cbd2a0b3fb
- https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2025-69.yaml
- https://www.roundup-tracker.org/docs/security.html
- https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
Packages
- Name: roundup (pip)
- Affected versions: < 2.5.0
- Fixed version: 2.5.0
Related vulnerabilities
CVSS3: 6.4
ubuntu
7 months ago
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
CVSS3: 6.4
nvd
7 months ago
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
CVSS3: 6.4
debian
7 months ago
In Roundup before 2.5.0, XSS can occur via interaction between URLs an ...