Vulnerabilities > Apache > Archiva > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-29 CVE-2023-28158 Cross-site Scripting vulnerability in Apache Archiva
Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
network
low complexity
apache CWE-79
5.4
5.4
2022-11-15 CVE-2022-40309 Unspecified vulnerability in Apache Archiva
Users with write permissions to a repository can delete arbitrary directories.
network
low complexity
apache
4.3
4.3
2022-05-25 CVE-2022-29405 Unspecified vulnerability in Apache Archiva
In Apache Archiva, any registered user can reset password for any users.
network
low complexity
apache
6.5
6.5
2020-06-19 CVE-2020-9495 Injection vulnerability in Apache Archiva
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection.
network
low complexity
apache CWE-74
5.3
5.3
2019-04-30 CVE-2019-0214 Unspecified vulnerability in Apache Archiva
In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload mechanism.
network
low complexity
apache
6.5
6.5
2019-04-30 CVE-2019-0213 Cross-site Scripting vulnerability in Apache Archiva
In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e.
network
low complexity
apache CWE-79
6.5
6.5
2016-07-28 CVE-2016-5005 Cross-site Scripting vulnerability in Apache Archiva
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary web script or HTML via the connector.sourceRepoId parameter to admin/addProxyConnector_commit.action.
network
low complexity
apache CWE-79
4.8
4.8