Cross-Site Scripting Vulnerability in Apache Archiva 1.3.9 and Earlier
CVE-2016-5005

4.8MEDIUM

Key Information:

Vendor: Apache
Status: Archiva
Vendor: CVE Published:; 28 July 2016

What is CVE-2016-5005?

A Cross-Site Scripting (XSS) vulnerability exists in Apache Archiva versions up to 1.3.9, where remote authenticated administrators can potentially exploit the 'connector.sourceRepoId' parameter during the 'admin/addProxyConnector_commit.action' process. This could lead to the injection of arbitrary web scripts or HTML, posing a significant security risk to the affected applications.