Reflected Cross-site Scripting Vulnerability in Apache Roller
CVE-2019-0234

6.1MEDIUM

Key Information:

Vendor: Apache
Status: Apache Roller
Vendor: CVE Published:; 15 July 2019

Summary

A Reflected Cross-site Scripting (XSS) vulnerability has been identified in Apache Roller, specifically associated with the Math Comment Authenticator. This vulnerability arises from inadequate sanitization of user input, allowing attackers to inject malicious scripts that can be executed in the context of the victim's browser. To mitigate this security flaw, it is crucial for users and administrators to upgrade to the latest version of Apache Roller (5.2.3 or newer), which addresses this issue and enhances overall security.

Affected Version(s)

Apache Roller Roller 5.2

Apache Roller 5.2.1

Apache Roller 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected.

References

https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb9...

x_refsource_CONFIRM

https://lists.apache.org/thread.html/r81a61626d03a11e610c...

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 15, 2019
Vulnerability Reserved
Nov 14, 2018