Moderate severityNVD Advisory· Published Jul 17, 2024· Updated Mar 19, 2025
CVE-2024-39125
CVE-2024-39125
Description
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
roundupPyPI | < 2.4.0 | 2.4.0 |
Affected products
2Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-xjgw-ghrx-wfffghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-39125ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/roundup/PYSEC-2024-64.yamlghsaWEB
- github.com/roundup-tracker/roundup/commit/860e3c8d07b05b77c6cdf5d0b6e7dbfe51b11631ghsaWEB
- www.roundup-tracker.orgghsaWEB
- www.roundup-tracker.org/docs/security.htmlghsaWEB
News mentions
0No linked articles in our index yet.