Lucene search

K

ApacheCVELIST:CVE-2019-0213

HistoryApr 30, 2019 - 9:35 p.m.

CVE-2019-0213

2019-04-3021:35:47

apache

www.cve.org

8

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

60.9%

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The vulnerability is considered as minor risk, as only users with admin role can change the configuration, or the communication between the browser and the Archiva server must be compromised.

CNA Affected

[
  {
    "product": "Apache Archiva",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to version 2.2.4"
      }
    ]
  }
]

References

archiva.apache.org/security.html#CVE-2019-0213

packetstormsecurity.com/files/152681/Apache-Archiva-2.2.3-Cross-Site-Scripting.html

www.openwall.com/lists/oss-security/2019/04/30/7

www.securityfocus.com/bid/108123

lists.apache.org/thread.html/0397ddbd17b5257cc1746b31a07294a87221c5ca24e5d19d390e28f3%40%3Cusers.archiva.apache.org%3E

lists.apache.org/thread.html/7bcea134c3d6fa72cdc1052922ac0914f399f63f4690b7937b80127d%40%3Cannounce.apache.org%3E

lists.apache.org/thread.html/ada0052409d8a4a8c4eb2c7fd6b9cd9423bc753d5fce87eb826662fb%40%3Cissues.archiva.apache.org%3E

lists.apache.org/thread.html/c358754a35473a61477f9d487870581a0dd7054ff95974628fa09f97%40%3Cusers.maven.apache.org%3E

seclists.org/bugtraq/2019/Apr/47

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

60.9%

Related for CVELIST:CVE-2019-0213

veracode1 github1 nvd1 prion1 cve1 osv2 openvas1 zdt1