CVE 2012-6130
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
See the 
CVE page on Mitre.org
for more details.
