CVE-2019-0234

Severity: 6.1 MEDIUM
EPSS: 1.0% (top 23.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Jul 15
Latest update: May 24

Description

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages: 2 packages

NVD: apache/roller: 5.2.0, 5.2.1, 5.2.2, +2
CVEListV5: apache/apache_roller: 5.2.1, 5.2.2. The unsupported pre-Roller 5.1 versions may also be affected., Roller 5.2, +2

Vulnerability Details: 2

GHSA
GHSA-g2p9-qx45-9p93: A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller (2022-05-24)
CVEList
CVE-2019-0234: A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller (2019-07-15)