Severity: important
Vendor: The Apache Software Foundation
Versions Affected: Roller 4.0.0 to Roller 4.0.1, Roller 5.0 and Roller 5.0.1. The unsupported Roller 3.1 release is also affected.
Description: Roller's RSS and Atom feed representations of Search Results were vulnerable to Cross Site Scripting (XSS) attacks because user-provided text was not escaped in some cases.
Mitigation:
Roller 4.0 and 4.0.1 users should upgrade to Roller 5.0.2
Roller 5.0 and 5.0.1 users should upgrade to Roller 5.0.2
Roller 3.1 users should upgrade to Roller 5.0.2
Credit: Alex Kouzemtchenko, Security Researcher, Coverity
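The bug class described above, as an added Python illustration (not code from the advisory or from the Roller project): a search-results Atom feed built by string formatting carries markup from the query straight into the XML, while one built with an XML serializer escapes every text node and attribute; it ends with the check a defender would run against a feed endpoint. All function names, the sample query and the sample results are constructed for this example.

```python
import xml.etree.ElementTree as ET

ATOM_NS = "http://www.w3.org/2005/Atom"


def search_feed_unescaped(query, results):
    """Vulnerable pattern: user-controlled text is pasted into feed markup by
    string formatting, so any markup in the query survives into the XML."""
    entries = "".join(
        f'<entry><title>{r["title"]}</title><link href="{r["href"]}"/></entry>'
        for r in results
    )
    return (f'<feed xmlns="{ATOM_NS}"><title>Search results for {query}</title>'
            f"{entries}</feed>")


def search_feed_escaped(query, results):
    """Hardened pattern: build the feed through an XML serializer, which escapes
    &, < and > in text nodes and additionally quotes inside attribute values.
    (Minimal feed: a real Atom document also needs id/updated elements.)"""
    ET.register_namespace("", ATOM_NS)
    feed = ET.Element(f"{{{ATOM_NS}}}feed")
    ET.SubElement(feed, f"{{{ATOM_NS}}}title").text = f"Search results for {query}"
    for r in results:
        entry = ET.SubElement(feed, f"{{{ATOM_NS}}}entry")
        ET.SubElement(entry, f"{{{ATOM_NS}}}title").text = r["title"]
        ET.SubElement(entry, f"{{{ATOM_NS}}}link", href=r["href"])
    return ET.tostring(feed, encoding="unicode")


def echoes_markup_verbatim(feed_xml, user_text):
    """Defender's check: True if a user string that contains markup characters
    is reflected unescaped in the feed body (the condition behind this XSS)."""
    return any(c in user_text for c in '<>&"') and user_text in feed_xml


# Constructed sample input (not taken from the advisory)
SAMPLE_QUERY = '<b>roller</b> & "atom"'
SAMPLE_RESULTS = [
    {"title": "Post about Roller", "href": "https://blog.example/?id=1&x=2"},
]

if __name__ == "__main__":
    print(search_feed_escaped(SAMPLE_QUERY, SAMPLE_RESULTS))
```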