Description
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
References (1)
Core 1
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html
Scores
EPSS
0.0252
EPSS Percentile
83.0%
Details
CWE
CWE-79
Status
published
Products (29)
apache/roller
0.9.5
apache/roller
0.9.6
apache/roller
0.9.6.3
apache/roller
0.9.6.4
apache/roller
0.9.7
apache/roller
0.9.7.1
apache/roller
0.9.7.2
apache/roller
0.9.8
apache/roller
0.9.8.1
apache/roller
0.9.8.2
... and 19 more
Published
Jun 26, 2012
Tracked Since
Feb 18, 2026