Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents.Referenceshttps://www.roundup-tracker.orghttps://www.roundup-tracker.org/docs/security.html#cve-announcements
