Every CVE whose affected-product data names Apache Roller, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2014-0030 — CVSS 9.8 (critical): The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified…
CVE-2018-17198 — CVSS 9.8 (critical): Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies…
CVE-2025-24859 — CVSS 8.8 (high): A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated…
CVE-2021-33580 — CVSS 7.5 (high): User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex…
CVE-2015-0249 — CVSS 7.2 (high): The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute…
CVE-2013-4212 — CVSS 6.8 (medium): Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL…
CVE-2012-2380 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers…
CVE-2019-0234 — CVSS 6.1 (medium): A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize…
CVE-2023-37581 — CVSS 5.4 (medium): Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache…
CVE-2024-25090 — CVSS 5.4 (medium): Insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description and blogroll name features in all…
CVE-2024-46911 — CVSS 4.7 (medium): Cross-site Resource Forgery (CSRF), Privilege escalation vulnerability in Apache Roller. On multi-blog/user Roller websites, by default…
CVE-2008-6879 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or…
CVE-2013-4171 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or…
CVE-2012-2381 — CVSS 3.5 (low): Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web…