Cross-Site Scripting Vulnerability in Apache Roller by The Apache Software Foundation
CVE-2012-2381

Currently unrated

Key Information:

Vendor: Apache
Status: Roller
Vendor: CVE Published:; 26 June 2012

Summary

Apache Roller, a popular blogging platform, has multiple cross-site scripting (XSS) vulnerabilities that affect versions prior to 5.0.1. These vulnerabilities allow remote authenticated users with the blogger role to inject arbitrary web scripts or HTML into the application. This type of exploit can lead to unauthorized access, data theft, and potential compromise of user accounts, making it essential for users to upgrade to a patched version to mitigate these risks.

References

http://archives.neohapsis.com/archives/fulldisclosure/201...

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 26, 2012