CVE-2019-0234

Source
https://cve.org/CVERecord?id=CVE-2019-0234
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0234.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-0234
Published
2019-07-15T22:15:12.133Z
Modified
2026-04-10T04:08:28.249703Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly sanitize user input and could be exploited to perform Reflected Cross-site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

Affected packages

Git / github.com/apache/roller

Affected ranges

Type
GIT
Repo
https://github.com/apache/roller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.2.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.2.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "5.2.2"
        }
    ]
}

Affected versions

roller-5.*
roller-5.1.2
roller-5.2.0
roller-5.2.0-final
roller-5.2.0-rc-2
roller-5.2.0-rc-3
roller-5.2.0-rc-4
roller-5.2.0-rc-5
roller-5.2.0-rc-6
roller-5.2.1
roller-5.2.1-rc-2
roller-5.2.10-rc-1
roller-5.2.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0234.json"