EPSS
Percentile
14.0%
Roundup before 2.4.0 allows XSS via a SCRIPT element in an HTTP Referer header.
www.roundup-tracker.org
www.roundup-tracker.org/docs/security.html#cve-announcements