2 matches found
CVE-2012-2380
CVE-2012-2380 affects the Apache Roller project, specifically the admin/editor console. The issue is that HTTP POST interfaces in the Roller admin/editor console were not protected against CSRF, allowing remote attackers to hijack admin/editor authentication. Affected versions include Roller 4.0....
CVE-2012-2381
Apache Roller exposes multiple XSS vulnerabilities in versions prior to 5.0.1 via untrusted blogger content. Affected: Roller 4.0.0–4.0.1, Roller 5.0, and even the unsupported Roller 3.1. The issue stems from letting bloggers post HTML/JavaScript; an upgrade path recommended by sources is Roller ...