CVE-2012-2381

Apache Roller < 5.0.1 - Authenticated Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.

References (1)

Core 1
Core References
Third Party Advisory mailing-list x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html

Scores

EPSS 0.0252
EPSS Percentile 83.0%

Details

CWE
CWE-79
Status published
Products (29)
apache/roller 0.9.5
apache/roller 0.9.6
apache/roller 0.9.6.3
apache/roller 0.9.6.4
apache/roller 0.9.7
apache/roller 0.9.7.1
apache/roller 0.9.7.2
apache/roller 0.9.8
apache/roller 0.9.8.1
apache/roller 0.9.8.2
... and 19 more
Published Jun 26, 2012
Tracked Since Feb 18, 2026