Cross-Site Scripting Vulnerability in Apache Roller by Apache
CVE-2008-6879

Currently unrated

Key Information:

Vendor: Apache
Status: Roller
Vendor: CVE Published:; 30 July 2009

Summary

A Cross-Site Scripting (XSS) vulnerability exists in multiple versions of Apache Roller, allowing remote attackers to inject arbitrary web scripts or HTML. This flaw specifically arises through the 'q' parameter in the search action, which can be exploited to manipulate user inputs and execute unauthorized scripts in the context of an affected user’s session. This vulnerability poses significant security risks as it can lead to data theft, session hijacking, and possibly broader attacks on the web application.

References

http://secunia.com/advisories/31523

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/51151

vdb-entryx_refsource_OSVDB

http://svn.apache.org/viewvc?view=rev&revision=668737

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 30, 2009