Apache Roller 6.1.2 Cross Site Request Forgery
Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information (e.g., email, full name, locale, timezone) via a crafted HTML pag...
Apache Roller < 6.1.5 Insufficient Session Expiration on Password Change (CVE-2025-24859)
According to its self-reported version number, the instance of Apache Roller running on the remote host is prior to 6.1.5. It is, therefore, affected by a session management vulnerability where active user sessions are not properly invalidated after password changes. When a user's password is...
EUVD-2008-6839
Malware in sbrugna...
EUVD-2013-4095
Malware in sbrugna...
EUVD-2015-0271
Malware in sbrugna...
EUVD-2012-2368
Malware in sbrugna...
EUVD-2018-8962
Malware in sbrugna...
EUVD-2012-2369
Malware in sbrugna...
EUVD-2019-1007
Malware in sbrugna...
EUVD-2025-10872
Malicious code in bioql PyPI...
EUVD-2024-22452
Malicious code in bioql PyPI...
EUVD-2023-41466
Malicious code in bioql PyPI...
CVE-2024-46911
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default weblog owners are trusted to publish arbitrary weblog content and this combined with a deficiency in Roller's CSRF protections allowed an escalation of privileges...
CVE-2024-25090
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted...
CVE-2012-2381
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role...
CVE-2012-2380
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...
CVE-2008-6879
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
Apache Roller Detection
Binary data apacherollerdetect.nbin...
The vulnerability of the Apache Roller server for creating web blogs relates to incorrect session duration settings, which allows attackers to gain unauthorized access to the system.
The vulnerability of the Apache Roller server for creating web blogs is related to an incorrect session duration. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the system remotely...
Apache Roller Code Issue Vulnerability
Apache Roller is a Java-based, multi-user, open source blogging system from the Apache Foundation in the United States. A code issue vulnerability exists in Apache Roller 6.1.4 and earlier versions, which stems from a password change that does not properly invalidate the session and can be exploited ...