CVE-2024-39124: Roundup Cross-site Scripting Vulnerability

July 17, 2024

In Roundup before 2.4.0, classhelpers (_generic.help.html) allow XSS.

References

github.com/advisories/GHSA-w8vc-cwv9-wx67
github.com/roundup-tracker/roundup
github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631
nvd.nist.gov/vuln/detail/CVE-2024-39124
www.roundup-tracker.org/
www.roundup-tracker.org/docs/security.html

Detect and mitigate CVE-2024-39124 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →