PT-2019-11203 · Apache · Apache Roller
Muthukumar Marikani
·
Published
2019-07-15
·
Updated
2021-09-14
·
CVE-2019-0234
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Apache Roller versions prior to 5.2.3
Description:
A Reflected Cross-site Scripting (XSS) issue exists due to improper sanitization of user input by Roller's Math Comment Authenticator, allowing for Reflected Cross Site Scripting (XSS) exploitation.
Recommendations:
For versions prior to 5.2.3, upgrade to the latest version of Roller, which is now Roller 5.2.3.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Roller