2 matches found
CVE-2023-37581
CVE-2023-37581 affects Apache Roller (a multi-user blogging platform). The vulnerability arises from insufficient input validation and sanitization in the Weblog Category name, Website About, and File Upload features, allowing an authenticated user to perform a Cross-Site Scripting (XSS) attack. Impa...
CVE-2021-33580
Apache Roller suffers from a vulnerability in which user-controlled inputs from Referer, Request URL, and QueryString are used to build and execute a regex, enabling regular-expression DoS (ReDoS) via catastrophic backtracking on the server. Impact described as availability issues; fixed in Roller 6.0.2....