Lucene search
GitHub Advisory DatabaseGHSA-HP2X-6VRM-7J7VHistoryMar 01, 2024 - 6:30 p.m.
Apache Archiva Reflected Cross-site Scripting vulnerability
2024-03-0118:30:23
CWE-79
GitHub Advisory Database
github.com
3
apache archiva
cross-site scripting
vulnerability
web page generation
http proxy
retired project
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Affected configurations
Node
org.apache.archiva\archivaMatchcommon
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.apache.archiva:archiva-common | le | 2.2.10 |
Related
osv
osv
Apache Archiva Reflected Cross-site Scripting vulnerability
2024-03-01 18:30:23
cve
cve
CVE-2024-27140
2024-03-01 16:15:46
veracode
veracode
Cross Site Scripting(XSS)
2024-03-04 04:50:48
nvd
nvd
CVE-2024-27140
2024-03-01 16:15:46
prion
prion
Cross site scripting
2024-03-01 16:15:00
cvelist
cvelist
CVE-2024-27140 Apache Archiva: reflected XSS
2024-03-01 15:40:08