Cross-Site Scripting Vulnerabilities in Apache Archiva by Apache
CVE-2011-1077

Currently unrated

Key Information:

Vendor: Apache
Status: Archiva
Vendor: CVE Published:; 2 June 2011

Summary

Apache Archiva versions 1.0 through 1.2.2 and 1.3.x prior to 1.3.5 are vulnerable to multiple cross-site scripting (XSS) flaws that could allow attackers to execute arbitrary web scripts or HTML. These vulnerabilities arise from insufficient validation of user inputs, enabling the possibility of injecting malicious scripts through unspecified vectors, which could lead to compromised user sessions and data leakage.

References

http://www.securityfocus.com/archive/1/518167/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/44693

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/67672

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 2, 2011
Vulnerability Reserved
Feb 24, 2011