Vulnerabilities > Apache > Roller > 5.2.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-06 | CVE-2023-37581 | Cross-site Scripting vulnerability in Apache Roller Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |
2021-08-18 | CVE-2021-33580 | Resource Exhaustion vulnerability in Apache Roller User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. | 4.3 |