CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-0234

A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.8%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E
https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E
https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E
https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E

Products affected by CVE-2019-0234

Apache » Roller » Version: 5.2.0

cpe:2.3:a:apache:roller:5.2.0
Apache » Roller » Version: 5.2.1

cpe:2.3:a:apache:roller:5.2.1
Apache » Roller » Version: 5.2.2

cpe:2.3:a:apache:roller:5.2.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-0234

Products

Pricing

Contact Us