
apache roller

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-24859
>= 1.0 and < 6.1.5
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invali
8.8 HIGH
CVE-2024-46911
>= 1.0 and < 6.1.4
Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by de
4.7 MEDIUM
CVE-2024-25090
>= 5.0.0 and < 6.1.3
Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features
5.4 MEDIUM
CVE-2023-37581
< 6.1.2
Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Ap
5.4 MEDIUM
CVE-2021-33580
< 6.0.2
User controlled request.getHeader("Referer"), request.getRequestURL() and request.getQueryString() are used to build and run
7.5 HIGH
CVE-2019-0234
all versions
A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not properly
6.1 MEDIUM
CVE-2018-17198
<= 5.1.2
Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versio
9.8 CRITICAL
CVE-2014-0030
all versions
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspe
9.8 CRITICAL
CVE-2015-0249
all versions
The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog t
7.2 HIGH
CVE-2013-4212
<= 5.0.1
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary
CVE-2013-4171
<= 5.0.1
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web s
CVE-2012-2381
<= 5.0
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbit
CVE-2012-2380
<= 5.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote
CVE-2008-6879
all versions
Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web s