CVE-2019-0234
N/A
N/A
Summary
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache | Apache Roller | Roller 5.2 | affected |
| Apache | Apache Roller | 5.2.1 | affected |
| Apache | Apache Roller | 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected. | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E
- https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E
References
- https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E
- https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.