Roller@2.3 Security Vulnerabilities and Issues — Roller@2.3 CVE List

Lucene search

ApacheRoller2.3

3 matches found

cve•added 2012/06/26 10:23 a.m.•47 views

CVE-2012-2380

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality.

6.8CVSS7.4AI score0.00181EPSS

cve•added 2009/07/30 7:30 p.m.•46 views

CVE-2008-6879

Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.

4.3CVSS5.8AI score0.01734EPSS

cve•added 2012/06/26 10:23 a.m.•33 views

CVE-2012-2381

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.

3.5CVSS5.5AI score0.00204EPSS