CVE-2012-2381

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

3.5LOW

EPSS

0.1%

top 65.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Roller

Timeline

PublishedJun 26

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/roller5.0+28

🔴Vulnerability Details

GHSA

GHSA-9x4r-29pc-p3hh: Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5↗2022-05-17

▶

CVEList

CVE-2012-2381: Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5↗2012-06-26

▶