CVE-2012-2381: Apache Roller Cross-Site-Scripting (XSS) vulnerability
Severity: important
Vendor: The Apache Software Foundation
Versions Affected:
Roller 4.0.0 to Roller 4.0.1
Roller 5.0
The unsupported Roller 3.1 release is also affected
Description: Roller trusts bloggers to post HTML and JavaScript code in the weblog and for some sites this can be a problem...
CVE-2012-2381
Apache Roller exposes multiple XSS vulnerabilities in versions prior to 5.0.1 via untrusted blogger content. Affected: Roller 4.0.0–4.0.1, Roller 5.0, and even the unsupported Roller 3.1. The issue stems from letting bloggers post HTML/JavaScript; an upgrade path recommended by sources is Roller ...