CVE-2019-0213

Summary

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

Affected Software

VendorProductVersion RangeStatus
ApacheApache ArchivaAll versions prior to version 2.2.4affected

Weaknesses

  • Stored XSS

ADP Enrichment

CVE Program Container

Additional References

References