CVE-2019-0234
MEDIUM
Apache Roller - Reflected Cross-Site Scripting in Math Comment Authenticator
Title source: llm
Description
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.
References (2)
Core References
Mailing List x_refsource_confirm
https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E
Mailing List mailing-list x_refsource_mlist
https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E
Scores
CVSS v3
6.1
EPSS
0.0127
EPSS Percentile
79.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
apache/roller
5.2.0
apache/roller
5.2.1
apache/roller
5.2.2
Published
Jul 15, 2019
Tracked Since
Feb 18, 2026