117 matches found
📄 Apache Roller 6.1.2 Cross Site Request Forgery
Apache Roller versions 6.1.2 and below contain a cross-site request forgery vulnerability in the endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information (e.g., email, full name, locale, timezone) via a crafted HTML pag...
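The entry above describes the classic CSRF shape: the browser attaches the victim's session cookie to a POST auto-submitted from an attacker's page, and the server accepts it because the cookie alone authenticates the request. The check below is an added example (not Roller's code) of the two server-side rules that close that gap for the profile-save endpoint: the request's Origin (or, as a fallback, Referer) must be the site's own origin, and the form must echo a per-session token the attacker's page cannot read. The trusted origin, the token field name, the form field names and the sample requests are all constructed assumptions for this example.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not Roller's real configuration): the
# trusted site origin and the name of the per-session anti-CSRF form field.
TRUSTED_ORIGIN = "https://blog.example.org"
TOKEN_FIELD = "csrf_token"
PROFILE_SAVE_PATH = "/roller/roller-ui/profile!save.rol"


def request_origin(headers):
    """Derive the requesting origin from Origin, falling back to Referer."""
    origin = headers.get("origin")
    if origin is None and headers.get("referer"):
        parts = urlsplit(headers["referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin


def reject_as_cross_site(req, session_token):
    """Return True when a POST to profile!save.rol must be refused.

    req: {'method', 'path', 'headers' (lowercase keys), 'form'}. The session
    cookie is assumed to have been validated already; the vulnerable behaviour
    was that a valid cookie by itself was sufficient.
    """
    if req["method"] != "POST" or req["path"] != PROFILE_SAVE_PATH:
        return False  # not the endpoint under discussion
    # Rule 1: the browser-supplied origin must be our own site.  Browsers set
    # Origin themselves, so an attacker page cannot forge it.
    if request_origin(req["headers"]) != TRUSTED_ORIGIN:
        return True
    # Rule 2: synchronizer-token pattern.  The form must carry the token bound
    # to this session; a cross-site page can send the cookie but not the token.
    return req["form"].get(TOKEN_FIELD) != session_token


# Constructed samples.  Field names ("email", "fullName") are illustrative,
# not Roller's real parameter names; the token value is made up.
SESSION_TOKEN = "c1f6e9a0d2b4"

LEGIT_REQUEST = {
    "method": "POST",
    "path": PROFILE_SAVE_PATH,
    "headers": {"origin": "https://blog.example.org", "cookie": "JSESSIONID=..."},
    "form": {"email": "me@example.org", "fullName": "Me", TOKEN_FIELD: SESSION_TOKEN},
}

# Auto-submitted from an attacker-controlled page: the browser still attaches
# the victim's cookie, but Origin is foreign and the token is absent.
FORGED_REQUEST = {
    "method": "POST",
    "path": PROFILE_SAVE_PATH,
    "headers": {"origin": "https://attacker.example", "cookie": "JSESSIONID=..."},
    "form": {"email": "attacker@attacker.example", "fullName": "Me"},
}

if __name__ == "__main__":
    print("legit rejected? ", reject_as_cross_site(LEGIT_REQUEST, SESSION_TOKEN))
    print("forged rejected?", reject_as_cross_site(FORGED_REQUEST, SESSION_TOKEN))
```

Both rules are kept deliberately: the Origin check alone fails open for clients that strip the header, and the token check alone is defeated if a same-origin script injection (such as the XSS entries further down this listing) can read the page.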
Apache Roller < 6.1.5 Insufficient Session Expiration on Password Change (CVE-2025-24859)
According to its self-reported version number, the instance of Apache Roller running on the remote host is prior to 6.1.5. It is, therefore, affected by a session management vulnerability where active user sessions are not properly invalidated after password changes. When a user's password is...
EUVD-2013-4095
Malware in sbrugna...
EUVD-2012-2368
Malware in sbrugna...
EUVD-2015-0271
Malware in sbrugna...
EUVD-2018-8962
Malware in sbrugna...
EUVD-2012-2369
Malware in sbrugna...
EUVD-2019-1007
Malware in sbrugna...
EUVD-2008-6839
Malware in sbrugna...
EUVD-2023-41466
Malicious code in bioql PyPI...
EUVD-2025-10872
Malicious code in bioql PyPI...
EUVD-2024-22452
Malicious code in bioql PyPI...
CVE-2024-46911
Cross-site request forgery (CSRF) and privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content, and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges...
CVE-2024-25090
Insufficient input validation and sanitization in the profile name and screen name, bookmark name and description, and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted...
CVE-2012-2381
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role...
CVE-2012-2380
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...
CVE-2008-6879
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
Apache Roller Detection
Binary data apacherollerdetect.nbin...
Apache Roller Code Issue Vulnerability
Apache Roller is a Java-based multi-user open source blogging system from the Apache Software Foundation. A code issue vulnerability exists in Apache Roller 6.1.4 and earlier versions: a password change does not properly invalidate existing sessions, and this can be exploited ...
CVE-2025-24859
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. When a user's password is changed, either by the user themselves or by an administrator, existing sessions remain active and usable. This...
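The three CVE-2025-24859 entries on this page all describe the same failure: changing a password (by the user or by an admin) rewrites the credential but leaves every already-issued session usable, so an attacker who holds a stolen session is not evicted. The model below is an added example, not Roller's code, of one common fix: stamp each session with the password "generation" it was issued under, bump the generation on every password change, and treat any session with an older stamp as expired. The flag on the store switches between the pre-6.1.5 behaviour and the fixed behaviour so the difference is visible; the user names, passwords and the SHA-256 placeholder hash are constructed for the example (a real system would use bcrypt, scrypt or Argon2).

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def _hash(password):
    # Placeholder for the example only; use a slow KDF (bcrypt/scrypt/Argon2)
    # in real code, never a bare SHA-256.
    return hashlib.sha256(password.encode()).hexdigest()


@dataclass
class User:
    name: str
    password_hash: str
    pw_generation: int = 0  # incremented on every password change


@dataclass
class Session:
    user: str
    pw_generation: int  # generation the session was issued under
    sid: str = field(default_factory=lambda: secrets.token_urlsafe(32))


class SessionStore:
    """Server-side session registry.  invalidate_on_change=False models the
    behaviour described in the advisory (sessions outlive a password change);
    True models the fix."""

    def __init__(self, invalidate_on_change):
        self.invalidate_on_change = invalidate_on_change
        self.users = {}
        self.sessions = {}

    def add_user(self, name, password):
        self.users[name] = User(name, _hash(password))

    def login(self, name, password):
        user = self.users.get(name)
        if user is None or user.password_hash != _hash(password):
            return None
        session = Session(name, user.pw_generation)
        self.sessions[session.sid] = session
        return session.sid

    def is_valid(self, sid):
        session = self.sessions.get(sid)
        if session is None:
            return False
        # A session stamped with an older password generation is dead.
        return session.pw_generation == self.users[session.user].pw_generation

    def change_password(self, name, new_password, current_sid=None):
        """Works for both self-service and admin-initiated changes.  If
        current_sid is the session that made the change, it is re-stamped so
        the user changing their own password is not logged out."""
        user = self.users[name]
        user.password_hash = _hash(new_password)
        if self.invalidate_on_change:
            user.pw_generation += 1
            current = self.sessions.get(current_sid)
            if current is not None and current.user == name:
                current.pw_generation = user.pw_generation


def demo(invalidate_on_change):
    """Victim holds two sessions (own device plus one that leaked), then
    changes the password from the first.  Returns what survives."""
    store = SessionStore(invalidate_on_change)
    store.add_user("victim", "old-password")
    own = store.login("victim", "old-password")
    stale = store.login("victim", "old-password")  # e.g. held by an attacker
    store.change_password("victim", "new-password", current_sid=own)
    return {
        "own_session_valid": store.is_valid(own),
        "stale_session_valid": store.is_valid(stale),
        "old_password_works": store.login("victim", "old-password") is not None,
    }


def admin_reset_demo(invalidate_on_change):
    """An admin resets the victim's password; the victim made no request, so
    no session is re-stamped and all of them should be evicted under the fix."""
    store = SessionStore(invalidate_on_change)
    store.add_user("victim", "old-password")
    sid = store.login("victim", "old-password")
    store.change_password("victim", "reset-by-admin")
    return store.is_valid(sid)


if __name__ == "__main__":
    print("vulnerable:", demo(False), admin_reset_demo(False))
    print("fixed:     ", demo(True), admin_reset_demo(True))
```

The generation counter is the cheap route when the session store cannot enumerate sessions per user; where it can, deleting every other session of that user at change time achieves the same result. Either way, a password change must also rotate any long-lived "remember me" tokens, which the same stamp can cover.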