Vulnerability Description
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Roller | 5.2.0 |
Related Weaknesses (CWE)
References
- https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c
- https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d08290
- https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c
- https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d08290
FAQ
What is CVE-2019-0234?
CVE-2019-0234 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross...
How severe is CVE-2019-0234?
CVE-2019-0234 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0234?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Roller.