List: oss-security
Subject: [oss-security] [CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerability in Apache Roller
From: Dave <snoopdave () gmail ! com>
Date: 2019-07-11 22:14:30
Message-ID: CAF1aazCqSfmaE00r_bkV2n3sbQzaUXFALBOkffKef79AcSuWxg () mail ! gmail ! com
Severity: Important
Vendor: The Apache Software Foundation
Versions affected: Roller 5.2, 5.2.1, 5.2.2. The unsupported pre-Roller 5.1
versions may also be affected.
Description: Roller's Math Comment Authenticator did not properly sanitize
user input and could be exploited to perform Reflected Cross Site Scripting
(XSS).
Mitigation: The mitigation for this vulnerability is to upgrade to the
latest version of Roller, which is now Roller 5.2.3.
Credit: This issue was discovered and reported by Muthukumar Marikani