Apache Roller
6 CVEs affecting Apache Roller. Latest disclosed: 2017-10-10. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2014-0030 | Critical | 9.8 | 2017-10-10 | The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors. |
| CVE-2015-0249 | High | 7.2 | 2017-07-17 | The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code… |
| CVE-2013-4212 | | | 2013-12-07 | Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the firs… |
| CVE-2013-4171 | | | 2013-12-07 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors rel… |
| CVE-2012-2381 | | | 2012-06-26 | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by le… |
| CVE-2012-2380 | | | 2012-06-26 | Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authe… |