Description
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-53865
- https://github.com/roundup-tracker/roundup/commit/3b1f22f331d4798491bd4746dbaaa6cfbe972952
- https://github.com/roundup-tracker/roundup/commit/65ac8f4dcb03a9a36a67c3e98fdf79cbd2a0b3fb
- https://github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2025-69.yaml
- https://www.roundup-tracker.org/docs/security.html
- https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865
Packages
Name: roundup (pip)
Affected versions: < 2.5.0
Fixed version: 2.5.0
Related vulnerabilities
CVSS3: 6.4
ubuntu
about 2 months ago
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
CVSS3: 6.4
nvd
about 2 months ago
In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
CVSS3: 6.4
debian
about 2 months ago
In Roundup before 2.5.0, XSS can occur via interaction between URLs an ...