{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-09T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "66991", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66991"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://archiva.apache.org/security.html"}, {"name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"}, {"name": "1030130", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030130"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-2187", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "66991", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66991"}, {"name": "http://archiva.apache.org/security.html", "refsource": "CONFIRM", "url": "http://archiva.apache.org/security.html"}, {"name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"}, {"name": "1030130", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030130"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-2187", "datePublished": "2014-04-22T14:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2018-10-09T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "DC7E1832-3889-477D-9DA4-869B6867EBC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F945FF3A-483C-4CD5-A413-0C354C15A99F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D1D107D-C022-43B4-BA64-0D39F31EE226", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F26131F0-693E-4245-9DC1-645B0EACD0D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "FEC394AE-2522-476B-82A9-5F7410B55398", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "C14AFD31-A944-4422-A142-AE95AD8E1424", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "19E4F29D-795C-4CE2-85CA-3322B1598F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4803C6A2-1B9C-48E5-9495-15EA25176396", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:archiva:1.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "59818802-9A36-421C-B2C6-0AD8906A5BF7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."}, {"lang": "es", "value": "Vulnerabilidad de XSS en Apache Archiva 1.2 hasta 1.2.2 y 1.3 anterior a 1.3.8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, relacionado con la p\u00e1gina de inicio."}], "id": "CVE-2013-2187", "lastModified": "2018-10-09T19:34:05.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-04-22T14:23:34.017", "references": [{"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://archiva.apache.org/security.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/66991"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id/1030130"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}