{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-05T07:07:09.191","vulnerabilities":[{"cve":{"id":"CVE-2019-0234","sourceIdentifier":"security@apache.org","published":"2019-07-15T22:15:12.133","lastModified":"2024-11-21T04:16:33.563","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A Reflected Cross-site Scripting (XSS) vulnerability exists in Apache Roller. Roller's Math Comment Authenticator did not property sanitize user input and could be exploited to perform Reflected Cross Site Scripting (XSS). The mitigation for this vulnerability is to upgrade to the latest version of Roller, which is now Roller 5.2.3."},{"lang":"es","value":"Existe una vulnerabilidad de tipo Cross-site Scripting (XSS) Reflejado en Apache Roller. El autenticador de comentarios matemáticos de Roller no tenía la propiedad de sanear las entradas del usuario y podría ser explotado para realizar una ataque Cross-site Scripting (XSS) Reflejado. La mitigación de esta vulnerabilidad es actualizar a la última versión de Roller, que ahora es Roller versión 5.2.3."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:roller:5.2.0:*:*:*:*:*:*:*","matchCriteriaId":"CAF420A0-DEED-45B0-AF7C-33AB0D6E2552"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:roller:5.2.1:*:*:*:*:*:*:*","matchCriteriaId":"92C690A2-4772-493E-8220-133E12692AC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:roller:5.2.2:*:*:*:*:*:*:*","matchCriteriaId":"C8F7FE79-D2AC-45C2-A58D-0228B0300682"}]}]}],"references":[{"url":"https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E","source":"security@apache.org"},{"url":"https://lists.apache.org/thread.html/26cdef3fa8a8fa7fcbb99320aa860836ead124b414c654a4d12674cf%40%3Cdev.roller.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.apache.org/thread.html/r81a61626d03a11e610c4fbf641f19a6075a0d082906388826829663d%40%3Cuser.roller.apache.org%3E","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}