CVE-2024-39126

Name of the Vulnerable Software and Affected Versions: Roundup versions prior to 2.4.0

Description: The issue is related to the lack of protection of the web page structure in the Roundup error tracking system. This allows a remote attacker to conduct cross-site scripting attacks by uploading specially crafted malicious files in PDF, XML, and SVG formats. The exploitation of this issue can lead to XSS via JavaScript in these documents.

Recommendations: For versions prior to 2.4.0, update to version 2.4.0 or later to resolve the issue. As a temporary workaround, consider restricting the upload of PDF, XML, and SVG files to minimize the risk of exploitation. Avoid using the affected file types in the system until the issue is resolved.