CVE-2023-37581

Summary

CVE-2023-37581 is a vulnerability affecting all versions of Apache Roller on all platforms. This issue involves insufficient input validation and sanitation in the Weblog Category name, Website About, and File Upload features. An authenticated user can exploit this vulnerability to execute Cross-Site Scripting (XSS) attacks. For sites that don't allow untrusted users to author web content, no action is required. However, if your Roller instance is configured for untrusted users, it is recommended to upgrade to version 6.1.2 and disable the File Upload feature to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.