CVE-2019-0234

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-0234
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0234.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-0234
Published
2019-07-15T22:15:12Z
Modified
2024-09-03T02:21:07.853067Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

References

Affected packages

Git / github.com/apache/roller

Affected ranges

Type
GIT
Repo
https://github.com/apache/roller
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Last affected
Last affected

Affected versions

roller-5.*

roller-5.1.2
roller-5.2.1