tiny-secp256k1 is an A tiny secp256k1 JS

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the verify() function when running in a bundled environment where the global Buffer is provided by the buffer package. An attacker can bypass signature verification by crafting a malicious JSON-stringifiable message that is accepted as valid, allowing false-positive verification results for known message/signature pairs.

roundup is a simple-to-use and -install issue-tracking system with command-line, web and e-mail interfaces.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interaction between URLs and issue tracker templates. An attacker can execute arbitrary scripts in the context of a user's browser by crafting malicious URLs that are passed to tal:replace or tal:content templates.

Affected versions of this package are vulnerable to Open Redirect via the redirect_url parameter in the /xxl-sso-server/doLogin and /xxl-sso-server/login endpoints. An attacker can redirect users to arbitrary external sites by crafting a malicious link and tricking authenticated users into clicking it.