100 matches found
Apache Roller < 5.2.3 XSS Vulnerability
Apache Roller is prone to a reflected cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Roller Cross-Site Scripting Vulnerability (CNVD-2019-23302)
Apache Roller is the U.S. Apache Apache Software Foundation's set of Java-based multi-user open source blogging system. A cross-site scripting vulnerability exists in Apache Roller versions 5.2.2, 5.2.1 and 5.2. The vulnerability stems from the WEB application's lack of proper validation of...
CVE-2019-0234
A Reflected Cross-site Scripting XSS vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting XSS. The mitigation for this vulnerability is to upgrade to the latest version of...
CVE-2019-0234
A Reflected Cross-site Scripting XSS vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting XSS. The mitigation for this vulnerability is to upgrade to the latest version of...
Cross site scripting
A Reflected Cross-site Scripting XSS vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting XSS. The mitigation for this vulnerability is to upgrade to the latest version of...
CVE-2019-0234
A Reflected Cross-site Scripting XSS vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting XSS. The mitigation for this vulnerability is to upgrade to the latest version of...
CVE-2019-0234
Summary: CVE-2019-0234 is a reflected XSS in Apache Roller caused by Roller's Math Comment Authenticator not properly sanitizing input. Affected versions include Roller 5.2.1–5.2.2 (and related 5.2.x builds) prior to 5.2.3. Impact: attacker-controlled input could trigger reflected XSS. Mitigation...
Server side request forgery (ssrf)
Server-side Request Forgery SSRF and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...
CVE-2018-17198
Server-side Request Forgery SSRF and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / Fil...
CVE-2018-17198
CVE-2018-17198 describes a Server-Side Request Forgery (SSRF) and File Enumeration flaw in Apache Roller 5.2.1, 5.2.0 and earlier . The issue arises because the Java SAX Parser used for the XML-RPC interface allows external entities in XML DOCTYPE by default, enabling SSRF/File Enumeration even w...
Apache Roller File Disclosure
File disclosure vulnerability via XXE in Apache Roller Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact:...
Apache Roller 5.0.3 - XML External Entity Injection Exploit
Exploit for linux platform in category web applications Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor Homepage: http://roller.apache.org/ Software...
Apache Roller < 5.0.3 XXE Vulnerability
Apache Roller is prone to an XML external entity XXE vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:roller...
Apache Roller < 5.0.2 Multiple Vulnerabilities
Apache Roller is prone to code execution and cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Roller XML-RPC protocol support XML injection vulnerability
Apache Roller is the United States Apache Apache Software Foundation's set of feature-rich multi-user blogging platform. XML-RPC protocol support is one of the XML-RPC transport protocol support component. A security vulnerability exists in the XML-RPC protocol support in Apache Roller versions...
CVE-2014-0030
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity XXE attacks via unspecified vectors...
Xxe
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity XXE attacks via unspecified vectors...
CVE-2014-0030
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity XXE attacks via unspecified vectors...