Lucene search
ApacheCVELIST:CVE-2024-27140HistoryMar 01, 2024 - 3:40 p.m.
CVE-2024-27140 Apache Archiva: reflected XSS
2024-03-0115:40:08
CWE-79
apache
www.cve.org
apache archiva
cross-site scripting
input neutralization
web page generation
vulnerability
retired project
unsupported
version 2.0.0
UNSUPPORTED WHEN ASSIGNED
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache Archiva",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]Related
osv
osv
Apache Archiva Reflected Cross-site Scripting vulnerability
2024-03-01 18:30:23
cve
cve
CVE-2024-27140
2024-03-01 16:15:46
github
github
Apache Archiva Reflected Cross-site Scripting vulnerability
2024-03-01 18:30:23
veracode
veracode
Cross Site Scripting(XSS)
2024-03-04 04:50:48
nvd
nvd
CVE-2024-27140
2024-03-01 16:15:46
prion
prion
Cross site scripting
2024-03-01 16:15:00