www-announce mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brett Porter <br...@apache.org>
Subject [SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
Date Wed, 16 Feb 2011 12:30:45 GMT
CVE-2011-0533: Apache Archiva cross-site scripting vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Archiva 1.3.0 - 1.3.3
The unsupported versions Archiva 1.0 - 1.2.2 are also affected.

Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into the Archiva user
management page.

Mitigation:
Archiva 1.3.3 and earlier users should upgrade to 1.3.4

References:
http://archiva.apache.org/security.html

--
Brett Porter
brett@apache.org
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter





--------------------------------------------------------------------- 
To unsubscribe, e-mail: announce-unsubscribe@apache.org 
For additional commands, e-mail: announce-help@apache.org 



Mime
View raw message