CVE-2019-0213Cross-site Scripting in Apache Archiva

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.6%
top 31.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache ArchivaApache Archiva
Timeline
PublishedApr 30
Latest updateMay 14

Description

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDapache/archiva< 2.2.4
CVEListV5apache/apache_archivaAll versions prior to version 2.2.4

🔴Vulnerability Details

3
GHSA
Cross-site scripting in Apache Archiva2019-05-14
OSV
Cross-site scripting in Apache Archiva2019-05-14
CVEList
CVE-2019-0213: In Apache Archiva before 22019-04-30
CVE-2019-0213 — Cross-site Scripting in Apache Archiva | cvebase