In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-04-30T21:35:47
Updated: 2024-08-04T17:44:14.810Z
Reserved: 2018-11-14T00:00:00
Link: CVE-2019-0213
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-30T22:29:00.793
Modified: 2024-11-21T04:16:30.047
Link: CVE-2019-0213
Redhat
No data.