Vulnerabilities > Apache > Roller > 6.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-14 | CVE-2025-24859 | Unspecified vulnerability in Apache Roller. A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. | 8.8 |
2024-07-26 | CVE-2024-25090 | Unspecified vulnerability in Apache Roller. Insufficient input validation and sanitization in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. | 5.4 |