Product:

Archiva

(Apache)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 17
Date Id Summary Products Score Patch Annotated
2022-05-25 CVE-2022-29405 In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 Archiva 6.5
2023-03-29 CVE-2023-28158 Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user. Archiva 5.4
2022-11-15 CVE-2022-40308 If anonymous read enabled, it's possible to read the database file directly without logging in. Archiva 7.5
2022-11-15 CVE-2022-40309 Users with write permissions to a repository can delete arbitrary directories. Archiva 4.3
2014-04-22 CVE-2013-2187 Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page. Archiva N/A
2011-06-02 CVE-2011-1077 Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Archiva N/A
2011-06-02 CVE-2011-1026 Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to hijack the authentication of administrators. Archiva N/A