You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@archiva.apache.org by Brett Porter <br...@apache.org> on 2011/02/16 13:30:45 UTC
[SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
Severity: Important
Vendor:
The Apache Software Foundation
Versions Affected:
Archiva 1.3.0 - 1.3.3
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.
Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into the Archiva user
management page.
Mitigation:
Archiva 1.3.3 and earlier users should upgrade to 1.3.4
References:
http://archiva.apache.org/security.html
--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter