QwikSec

Security Database

CVE

CWE

Training

CVE-2019-0234

Published: Jul 15, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

Vendor	Product	Versions
Apache	Apache Roller	affected `Roller 5.2` affected `5.2.1` affected `5.2.2. The unsupported pre-Roller 5.1 versions may also be affected.`

References

https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E

x_refsource_CONFIRM

[roller-user] 20210830 Fwd: [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.