Summary
This host is running Apache Roller and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code in the context of the affected web application.
Impact Level: Application
Solution
Upgrade to Apache Roller version 4.0.1 or later, or apply the patch.
http://roller.apache.org/download.cgi
http://issues.apache.org/roller/browse/ROL-1766
*****
NOTE: Please ignore this warning if the patch is applied.
*****
Insight
The issue is due to an input validation error in the 'q' parameter when performing a search. The parameter is not properly sanitised before being returned to the user.
Affected
Apache Roller Version 2.x, 3.x and 4.0
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2008-6879
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N