Vulnerabilities > Apache > Roller > 5.2.10
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-04-14 | CVE-2025-24859 | Unspecified vulnerability in Apache Roller A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. | 8.8 |
| 2024-07-26 | CVE-2024-25090 | Unspecified vulnerability in Apache Roller Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
| 2023-08-06 | CVE-2023-37581 | Unspecified vulnerability in Apache Roller Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
| 2021-08-18 | CVE-2021-33580 | Resource Exhaustion vulnerability in Apache Roller User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. | 7.5 |