Vulnerabilities > Roundup Tracker > Roundup > 1.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-17 | CVE-2024-39124 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS. | 5.4 |
| 2024-07-17 | CVE-2024-39125 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header. | 5.4 |
| 2024-07-17 | CVE-2024-39126 | Cross-site Scripting vulnerability in Roundup-Tracker Roundup Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. | 5.4 |
| 2019-04-06 | CVE-2019-10904 | Cross-site Scripting vulnerability in multiple products Roundup 1.6 allows XSS via the URI because frontends/roundup.cgi and roundup/cgi/wsgi_handler.py mishandle 404 errors. | 6.1 |