CVE-2024-27140

Severity: 5.4 MEDIUM
EPSS: 6.2% (top 9.11%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 1

Description

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure an HTTP proxy in front of your Archiva instance to only forward requests that do

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages: 3 packages

Vulnerability Details (3)

OSV: Apache Archiva Reflected Cross-site Scripting vulnerability (2024-03-01)
CVEList: Apache Archiva: reflected XSS (2024-03-01)
GHSA: Apache Archiva Reflected Cross-site Scripting vulnerability (2024-03-01)