HomePentest-Tools.com Logo

Apache Roller q Parameter Cross Site Scripting Vulnerability CVE-2008-6879

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apache Roller is prone to a Cross Site Scripting vulnerability.

Risk description

The issue is due to input validation error in q parameter when performing a search. It is not properly sanitised before being returned to the user. Successful exploitation will allow remote attackers to inject arbitrary HTML codes in the context of the affected web application.

Recommendation

Upgrade to Apache Roller Version 4.0.1 or later or apply the patch via the references.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 30, 2009
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available