CVE-2019-0213
Published: Apr 30, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code in central configuration entries, i.e. the logo URL. The vulnerability is considered a minor risk, as only users with the admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Archiva | affected All versions prior to version 2.2.4 |
References
| Reference | Type | Source tag |
|---|---|---|
| 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS | mailing-list | x_refsource_BUGTRAQ |
| [maven-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS | mailing-list | x_refsource_MLIST |
| [archiva-users] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS | mailing-list | x_refsource_MLIST |
| [oss-security] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS | mailing-list | x_refsource_MLIST |
| http://archiva.apache.org/security.html#CVE-2019-0213 | | x_refsource_MISC |
| [archiva-issues] 20190501 [jira] [Created] (MRM-1987) Port security fixes for 2.2.4 to 3.0.0 | mailing-list | x_refsource_MLIST |
| 108123 | vdb-entry | x_refsource_BID |
| [announce] 20190430 [SECURITY] CVE-2019-0213: Apache Archiva Stored XSS | mailing-list | x_refsource_MLIST |