Reflected Cross-site Scripting Vulnerability in Apache Roller
CVE-2019-0234
6.1MEDIUM
What is CVE-2019-0234?
A Reflected Cross-site Scripting (XSS) vulnerability has been identified in Apache Roller, specifically associated with the Math Comment Authenticator. This vulnerability arises from inadequate sanitization of user input, allowing attackers to inject malicious scripts that can be executed in the context of the victim's browser. To mitigate this security flaw, it is crucial for users and administrators to upgrade to the latest version of Apache Roller (5.2.3 or newer), which addresses this issue and enhances overall security.
Affected Version(s)
Apache Roller Roller 5.2
Apache Roller 5.2.1
Apache Roller 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected.