Apache Roller OGNL Injection Vulnerability
This Metasploit module exploits an OGNL injection vulnerability in Apache Roller 'Apache Roller OGNL Injection', 'Description' = %q This module exploits an OGNL injection vulnerability in Apache Roller 'Unknown', From coverity.com / Vulnerability discovery 'juan vazquez' Metasploit module ,...
Apache Roller OGNL Injection
This module exploits an OGNL injection vulnerability in Apache Roller 'Apache Roller OGNL Injection', 'Description' = %q This module exploits an OGNL injection vulnerability in Apache Roller 'Unknown', From coverity.com / Vulnerability discovery 'juan vazquez' Metasploit module , 'License' =...
CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability
Severity: important Vendor: The Apache Software Foundation Versions Affected: Roller 4.0.0 to Roller 4.0.1 Roller 5.0 The unsupported Roller 3.1 release is also affected Description: HTTP POST interfaces in the Roller admin/editor console were not protected from CSRF attacks. This issue has been...
CVE-2012-2381
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role...
CVE-2012-2380
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...
CVE-2012-2380
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality...
CVE-2012-2381
Apache Roller exposes multiple XSS vulnerabilities in versions prior to 5.0.1 via untrusted blogger content. Affected: Roller 4.0.0–4.0.1, Roller 5.0, and even the unsupported Roller 3.1. The issue stems from letting bloggers post HTML/JavaScript; an upgrade path recommended by sources is Roller ...
CVE-2012-2381
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role...
CVE-2012-2380
CVE-2012-2380 affects the Apache Roller project, specifically the admin/editor console. The issue is that HTTP POST interfaces in the Roller admin/editor console were not protected against CSRF, allowing remote attackers to hijack admin/editor authentication. Affected versions include Roller 4.0....
Apache Roller 2.x < 4.0.1 XSS Vulnerability
Apache Roller is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:roller...
Apache Roller Detection (HTTP)
HTTP based detection of Apache Roller. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.800677");...
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
This host is running Apache Roller and is prone to Cross Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbapacherollerxssvulnaug09.nasl 4865 2016-12-28 16:16:43Z teissa $ Apache Roller 'q' Parameter Cross Site Scripting Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2009...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
CVE-2008-6879
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
CVE-2008-6879
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action...
CVE-2008-6879
CVE-2008-6879 affects Apache Roller 2.3, 3.0, 3.1, and 4.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient sanitization of the q parameter in search actions, allowing injection of arbitrary web script/HTML. Concrete details available in connected docs include produc...
Apache Roller q Parameter XSS
The remote host is running Apache Roller, a multi-user blog server written in Java. The version of Apache Roller installed on the remote host fails to sanitize user input to the 'q' parameter of search requests before including it in dynamic HTML output. An attacker may be able to leverage this...
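Apache Roller q Parameter Cross-Site Scripting Vulnerability
BUGTRAQ ID: 33110 Apache Roller is a multi-user group blog server. If a specially crafted search request (/search?q=query+terms) is submitted to the Roller server via the q parameter value, the server echoes the query back in the default search form without escaping HTML tags, which may lead to a cross-site scripting attack. Apache Apache Roller 4.0 Apache Apache Roller 3.1 Apache Apache Roller 3.0 Apache Apache Roller 2.3 Vendor patch: Apache ------ The vendor has released an upgrade patch to fix this security issue; please go to the vendor's home page to...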