Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Apache
  • Archiva
  • Continuum

Configuration 1 [-]

OR cpe:2.3:a:apache:continuum:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:continuum:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:continuum:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:continuum:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:continuum:1.2.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:continuum:1.3.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:continuum:1.4.0:beta:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:apache:archiva:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:archiva:1.3.3:*:*:*:*:*:*:*
References
Link Resource
http://continuum.apache.org/security.html
http://jira.codehaus.org/browse/CONTINUUM-2604
http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360%40apache.org%3E
http://osvdb.org/70925
http://seclists.org/fulldisclosure/2011/Feb/236 Patch
http://secunia.com/advisories/43261 Vendor Advisory
http://secunia.com/advisories/43334 Vendor Advisory
http://securityreason.com/securityalert/8091
http://securitytracker.com/id?1025065
http://svn.apache.org/viewvc?view=revision&revision=1066053 Patch
http://svn.apache.org/viewvc?view=revision&revision=1066056 Patch
http://www.securityfocus.com/archive/1/516342/100/0/threaded
http://www.securityfocus.com/archive/1/516474/100/0/threaded
http://www.securityfocus.com/bid/46311
http://www.vupen.com/english/advisories/2011/0373 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0426 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/65343
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-02-17T17:00:00

Updated: 2018-10-09T18:57:01

Reserved: 2011-01-20T00:00:00

Link: CVE-2011-0533

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2011-02-17T18:00:03.760

Modified: 2023-11-07T02:06:47.460

Link: CVE-2011-0533

JSON object: View

cve-icon Redhat Information

No data.

CWE