First published: Sat Dec 07 2013(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Roller | <=5.0.1 | |
Apache Roller | =4.0 | |
Apache Roller | =4.0.1 | |
Apache Roller | =5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-4171 is classified as a medium severity vulnerability due to its potential for remote exploitation.
To fix CVE-2013-4171, upgrade to Apache Roller version 5.0.2 or later.
CVE-2013-4171 allows remote attackers to conduct cross-site scripting (XSS) attacks via crafted input in search result fields.
CVE-2013-4171 affects Apache Roller versions prior to 5.0.2, including 4.0, 4.0.1, and 5.0.
Exploitation of CVE-2013-4171 typically does not require user interaction, making it more dangerous.