Apache Roller 'q' Parameter Cross Site Scripting Vulnerability

Summary
This host is running Apache Roller and is prone to a cross-site scripting (XSS) vulnerability.
Impact
Successful exploitation will allow remote attackers to inject arbitrary HTML code in the context of the affected web application.
Impact Level: Application
Solution
Upgrade to Apache Roller version 4.0.1 or later, or apply the patch.
http://roller.apache.org/download.cgi
http://issues.apache.org/roller/browse/ROL-1766
***** NOTE: Please ignore this warning if the patch is applied. *****
Insight
The issue is due to an input validation error in the 'q' parameter when performing a search. The value is not properly sanitised before being returned to the user.
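
The pattern described above, as an added Java illustration (not Apache Roller source and not part of the original advisory): a search term echoed into the response unencoded, beside the same output with HTML encoding applied. The class name, method names and sample query are hypothetical and constructed for this example.

```java
// Added illustration: hypothetical search-page rendering, not Apache Roller code.
public class SearchEcho {

    // Vulnerable pattern: the raw 'q' value is concatenated into the HTML response,
    // so any markup in the query becomes part of the page.
    static String renderUnsafe(String q) {
        return "<h2>Search results for: " + q + "</h2>";
    }

    // Encode the characters that are significant in HTML element content
    // and in quoted attribute values.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Hardened pattern: encode at output time, both where the term is shown in the
    // page body and where it is written back into the search box's value attribute.
    static String renderSafe(String q) {
        String e = escapeHtml(q);
        return "<h2>Search results for: " + e + "</h2>"
             + "<input type=\"text\" name=\"q\" value=\"" + e + "\">";
    }

    public static void main(String[] args) {
        String q = "<b>bold</b> \"term\" & more"; // constructed sample query
        System.out.println(renderUnsafe(q)); // markup from q is rendered by the browser
        System.out.println(renderSafe(q));   // markup from q is displayed as text
    }
}
```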
Affected
Apache Roller versions 2.x, 3.x and 4.0