CVE-2024-39125 Information

Description

Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.

Reference

https://www.roundup-tracker.org https://www.roundup-tracker.org/docs/security.html#cve-announcements