What is the severity of CVE-2012-2381?

CVE-2012-2381 has a medium severity rating that allows remote authenticated users to exploit cross-site scripting vulnerabilities.

How do I fix CVE-2012-2381?

To mitigate CVE-2012-2381, upgrade Apache Roller to version 5.0.1 or later.

Who is affected by CVE-2012-2381?

CVE-2012-2381 affects all versions of Apache Roller prior to 5.0.1, particularly versions used by authenticated users with the blogger role.

What types of attacks are associated with CVE-2012-2381?

CVE-2012-2381 is associated with cross-site scripting (XSS) attacks where users can inject malicious scripts.

Is there a workaround for CVE-2012-2381 if I cannot upgrade?

If upgrading is not possible for CVE-2012-2381, consider disabling the blogger role or applying content security policies to reduce XSS risks.

Vulnerability/
CVE-2012-2381

low

3.5

CWE

26/6/2012

3/10/2022

6/8/2024

CVE-2012-2381: XSS

First published: Tue Jun 26 2012(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Apache Roller	<=5.0
Apache Roller	=0.9.5
Apache Roller	=0.9.6
Apache Roller	=0.9.6.3
Apache Roller	=0.9.6.4
Apache Roller	=0.9.7
Apache Roller	=0.9.7.1
Apache Roller	=0.9.7.2
Apache Roller	=0.9.8
Apache Roller	=0.9.8.1
Apache Roller	=0.9.8.2
Apache Roller	=0.9.9
Apache Roller	=1.0
Apache Roller	=1.0-rc1
Apache Roller	=1.0-rc2
Apache Roller	=1.0.1
Apache Roller	=1.1
Apache Roller	=1.1.1
Apache Roller	=1.1.2
Apache Roller	=1.2
Apache Roller	=1.3
Apache Roller	=2.0
Apache Roller	=2.0.1
Apache Roller	=2.0.2
Apache Roller	=2.1
Apache Roller	=2.1.1
Apache Roller	=2.3
Apache Roller	=3.0
Apache Roller	=3.1
Apache Roller	=4.0
Apache Roller	=4.0.1

Never miss a vulnerability like this again

Reference Links

http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0377.html

Frequently Asked Questions

What is the severity of CVE-2012-2381?
CVE-2012-2381 has a medium severity rating that allows remote authenticated users to exploit cross-site scripting vulnerabilities.
How do I fix CVE-2012-2381?
To mitigate CVE-2012-2381, upgrade Apache Roller to version 5.0.1 or later.
Who is affected by CVE-2012-2381?
CVE-2012-2381 affects all versions of Apache Roller prior to 5.0.1, particularly versions used by authenticated users with the blogger role.
What types of attacks are associated with CVE-2012-2381?
CVE-2012-2381 is associated with cross-site scripting (XSS) attacks where users can inject malicious scripts.
Is there a workaround for CVE-2012-2381 if I cannot upgrade?
If upgrading is not possible for CVE-2012-2381, consider disabling the blogger role or applying content security policies to reduce XSS risks.

collector/nvd-index
agent/type
agent/first-publish-date
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/severity
agent/references
agent/author
agent/tags
agent/description
agent/event
agent/source
vendor/apache
canonical/apache roller
version/apache roller/5.0
version/apache roller/0.9.5
version/apache roller/0.9.6
version/apache roller/0.9.6.3
version/apache roller/0.9.6.4
version/apache roller/0.9.7
version/apache roller/0.9.7.1
version/apache roller/0.9.7.2
version/apache roller/0.9.8
version/apache roller/0.9.8.1
version/apache roller/0.9.8.2
version/apache roller/0.9.9
version/apache roller/1.0
version/apache roller/1.0-rc1
version/apache roller/1.0-rc2
version/apache roller/1.0.1
version/apache roller/1.1
version/apache roller/1.1.1
version/apache roller/1.1.2
version/apache roller/1.2
version/apache roller/1.3
version/apache roller/2.0
version/apache roller/2.0.1
version/apache roller/2.0.2
version/apache roller/2.1
version/apache roller/2.1.1
version/apache roller/2.3
version/apache roller/3.0
version/apache roller/3.1
version/apache roller/4.0
version/apache roller/4.0.1

Frequently Asked Questions

What is the severity of CVE-2012-2381?
CVE-2012-2381 has a medium severity rating that allows remote authenticated users to exploit cross-site scripting vulnerabilities.
How do I fix CVE-2012-2381?
To mitigate CVE-2012-2381, upgrade Apache Roller to version 5.0.1 or later.
Who is affected by CVE-2012-2381?
CVE-2012-2381 affects all versions of Apache Roller prior to 5.0.1, particularly versions used by authenticated users with the blogger role.
What types of attacks are associated with CVE-2012-2381?
CVE-2012-2381 is associated with cross-site scripting (XSS) attacks where users can inject malicious scripts.
Is there a workaround for CVE-2012-2381 if I cannot upgrade?
If upgrading is not possible for CVE-2012-2381, consider disabling the blogger role or applying content security policies to reduce XSS risks.

CVE-2012-2381: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-2381?

How do I fix CVE-2012-2381?

Who is affected by CVE-2012-2381?

What types of attacks are associated with CVE-2012-2381?

Is there a workaround for CVE-2012-2381 if I cannot upgrade?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2012-2381?

How do I fix CVE-2012-2381?

Who is affected by CVE-2012-2381?

What types of attacks are associated with CVE-2012-2381?

Is there a workaround for CVE-2012-2381 if I cannot upgrade?