CVE-2013-4171
Apache Roller < 5.0.2 - Cross-Site Scripting via Search Results in RSS and Atom Feed Templates
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.
References (3)
Core References
Patch (x_refsource_confirm): http://rollerweblogger.org/project/entry/apache_roller_5_0_2
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/55862
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/55877
Scores
EPSS: 0.0201
EPSS Percentile: 84.0%
Details
CWE: CWE-79
Status: published
Products (4)
apache/roller 4.0
apache/roller 4.0.1
apache/roller 5.0
apache/roller < 5.0.1
Published: Dec 07, 2013
Tracked Since: Feb 18, 2026