Cross-Site Scripting Vulnerabilities in Apache Roller by The Apache Software Foundation
CVE-2013-4171

Currently unrated

Key Information:

Vendor: Apache
Status: Roller
Vendor: CVE Published:; 7 December 2013

What is CVE-2013-4171?

Multiple cross-site scripting (XSS) vulnerabilities have been identified in Apache Roller prior to version 5.0.2. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML code through specific vectors associated with the search results in the RSS and Atom feed templates. This can lead to unauthorized access and manipulation of user data, posing significant risks to web applications and their users.

References

http://rollerweblogger.org/project/entry/apache_roller_5_0_2

x_refsource_CONFIRM

http://secunia.com/advisories/55862

third-party-advisoryx_refsource_SECUNIA

http://secunia.com/advisories/55877

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 7, 2013
Vulnerability Reserved
Jun 12, 2013