CVE-2025-53865
Published 2025-07-13
CVE-2025-53865: In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).
Priority: P429, medium, 6.4 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
EPSS: 0.18% (8.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roundup-tracker | roundup | < 2.5.0 | 2.5.0 |
| roundup-tracker | roundup | >= 0 < 2.5.0 | 2.5.0 |
OSV
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
osv·2025-07-13
CVE-2025-53865 [MEDIUM] Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
GHSA
Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
ghsa·2025-07-13
CVE-2025-53865 [MEDIUM] CWE-79 Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates
OSV
CVE-2025-53865: In Roundup before 2
osv·2025-07-13
CVE-2025-53865 CVE-2025-53865: In Roundup before 2
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-07-13