3 matches found
CVE-2008-6879
CVE-2008-6879 affects Apache Roller 2.3, 3.0, 3.1, and 4.0. The vulnerability is a Cross-Site Scripting (XSS) flaw caused by insufficient sanitization of the q parameter in search actions, allowing injection of arbitrary web script/HTML. Concrete details available in connected docs include produc...
CVE-2024-46911
Apache Roller contains a Cross-site Resource Forgery (CSRF) and privilege escalation vulnerability affecting versions prior to 6.1.4. On multi-blog/user Roller websites, weblog owners are trusted to publish content by default, and Roller's CSRF protections are insufficient, enabling privilege esc...
CVE-2013-4171
Apache Roller is affected by multiple XSS vulnerabilities in the search results templates for RSS/Atom feeds, affecting versions before 5.0.2. The issue allows remote attackers to inject arbitrary scripts/HTML. A fix is available in Roller 5.0.2 (vendor patch). If exploitation details are not dis...