CVE-2019-0234

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Roller
Vendor: CVE Published:; 15 July 2019

Summary

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

Affected Version(s)

Apache Roller Roller 5.2

Apache Roller 5.2.1

Apache Roller 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected.

References

https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb9...

x_refsource_CONFIRM

https://lists.apache.org/thread.html/r81a61626d03a11e610c...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2019
Vulnerability Reserved
Nov 14, 2018