Latest vulnerabilities for "apache roller"

Where

Sort:

Apache RollerApache Roller: Insufficient Session Expiration on Password Change

Risk 83

Severity

8.8

First published (updated )

CVE-2025-24859

Apache RollerApache Roller: Weakness in CSRF protection allows privilege escalation

Risk 39

Severity

4.7

First published (updated )

CVE-2024-46911

CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation

First published (updated )

https://seclists.org/oss-sec/2024/q4/21

Apache RollerApache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode

Risk 36

Severity

5.4

First published (updated )

CVE-2024-25090

CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode

First published (updated )

https://seclists.org/oss-sec/2024/q3/113

Apache RollerApache Roller: Roller's weblog category, weblog settings and file-upload features did not properly sanitize input could be exploited to perform Reflected Cross Site Scripting (XSS) even on a Roller site configured for untrusted users.

Risk 35

Severity

5.4

First published (updated )

CVE-2023-37581

Apache Rollerregex injection leading to DoS

Risk 43

Severity

7.5

First published (updated )

CVE-2021-33580

Apache RollerXSS

Risk 38

Severity

6.1

First published (updated )

CVE-2019-0234

Apache RollerSSRF

Risk 86

Severity

9.8

First published (updated )

CVE-2018-17198

Apache RollerXEE

Risk 86

Severity

9.8

First published (updated )

CVE-2014-0030

Apache RollerCode Injection

Risk 66

Severity

7.2

First published (updated )

CVE-2015-0249

Apache RollerXSS

Risk 22

Severity

4.3

First published (updated )

CVE-2013-4171

Apache RollerCode Injection

Risk 47

Severity

6.8

First published (updated )

CVE-2013-4212

Apache RollerCSRF

Risk 47

Severity

6.8

First published (updated )

CVE-2012-2380

Apache RollerXSS

Risk 18

Severity

3.5

First published (updated )

CVE-2012-2381

Apache RollerXSS

Risk 22

Severity

4.3

First published (updated )

CVE-2008-6879

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

Trending

Versions

Apache RollerApache Roller: Insufficient Session Expiration on Password Change

Apache RollerApache Roller: Weakness in CSRF protection allows privilege escalation

CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation

Apache RollerApache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode

CVE-2024-25090: Apache Roller: Insufficient input validation for some user profile and bookmark fields when Roller in untested-users mode

Don't miss critical vulnerabilities

Apache RollerApache Roller: Roller's weblog category, weblog settings and file-upload features did not properly sanitize input could be exploited to perform Reflected Cross Site Scripting (XSS) even on a Roller site configured for untrusted users.

Apache Rollerregex injection leading to DoS

Apache RollerXSS

Apache RollerSSRF

Apache RollerXEE

Don't miss critical vulnerabilities

Apache RollerCode Injection

Apache RollerXSS

Apache RollerCode Injection

Apache RollerCSRF

Apache RollerXSS

Don't miss critical vulnerabilities

Apache RollerXSS

Company

Resources

Contact