CVE-2012-2381
Apache Roller exposes multiple XSS vulnerabilities in versions prior to 5.0.1 via untrusted blogger content. Affected: Roller 4.0.0–4.0.1, Roller 5.0, and even the unsupported Roller 3.1. The issue stems from letting bloggers post HTML/JavaScript; an upgrade path recommended by sources is Roller ...