Web application abuses : Apache Archiva < 1.3.8, 2.x < 2.0.1 Home Page XSS Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.804447

Categoría: Web application abuses

Título: Apache Archiva < 1.3.8, 2.x < 2.0.1 Home Page XSS Vulnerability

Resumen: Apache Archiva is prone to a cross-site scripting (XSS); vulnerability.

Descripción: Summary:
Apache Archiva is prone to a cross-site scripting (XSS)
vulnerability.

Vulnerability Insight:
The flaw exists because the home page does not validate input
before returning it to users.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute
arbitrary script code in a user's browser within the trust relationship between their browser and
the server.

Affected Software/OS:
Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8.

Solution:
Update to version 1.3.8, 2.0.1 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2013-2187
BugTraq ID: 66991
http://www.securityfocus.com/bid/66991
Bugtraq: 20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability (Google Search)
http://www.securityfocus.com/archive/1/531884/100/0/threaded
http://www.securitytracker.com/id/1030130

Copyright Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.804447
Categoría:	Web application abuses
Título:	Apache Archiva < 1.3.8, 2.x < 2.0.1 Home Page XSS Vulnerability
Resumen:	Apache Archiva is prone to a cross-site scripting (XSS); vulnerability.
Descripción:	Summary: Apache Archiva is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The flaw exists because the home page does not validate input before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. Affected Software/OS: Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8. Solution: Update to version 1.3.8, 2.0.1 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-2187 BugTraq ID: 66991 http://www.securityfocus.com/bid/66991 Bugtraq: 20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability (Google Search) http://www.securityfocus.com/archive/1/531884/100/0/threaded http://www.securitytracker.com/id/1030130
Copyright	Copyright (C) 2014 Greenbone AG