Vulnerabilities > Apache > Roller > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-26 CVE-2024-25090 Unspecified vulnerability in Apache Roller
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack.
network
low complexity
apache
5.4
2023-08-06 CVE-2023-37581 Unspecified vulnerability in Apache Roller
Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack.
network
low complexity
apache
5.4
2019-07-15 CVE-2019-0234 Cross-site Scripting vulnerability in Apache Roller 5.2.0/5.2.1/5.2.2
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller.
network
low complexity
apache CWE-79
6.1