CNNVD-202507-1786 Information

CNNVD ID

CNNVD-202507-1786

Related CVE

CVE-2025-53865

• CNNVD Published: 2025-07-13

Description (Chinese)

Roundup是Roundup开源的一套命令行、Web和电子邮件问题跟踪系统。该系统提供Bug跟踪、客户帮助台和问题管理等功能。 Roundup 2.5.0之前版本存在跨站脚本漏洞，该漏洞源于URL和模板交互不当，可能导致跨站脚本攻击。

Description (English)

Rundup is an open-source command line, Web and e-mail tracking system. The system provides Bug tracking, client help desk and problem management functions. The pre-Rundup 2.5.0 version had a cross-site script loophole, which stemmed from inappropriate interaction between the URL and the template and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Roy Binux

Published

2025-07-13

Last Modified

2026-02-24

References

https://www.roundup-tracker.org/docs/security.html https://www.roundup-tracker.org/docs/upgrading.html#cve-2025-53865 https://access.redhat.com/security/cve/cve-2025-53865

Patch

https://pypi.org/project/roundup/