CVE-2011-0533

Apache Continuum 1.1-1.4.0 Beta and Archiva 1.0-1.3.3 - Cross-Site Scripting via Auto-Included Table Parameters

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.

References (18)

Core 18
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70925
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46311
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43261
Various Sources x_refsource_confirm
http://jira.codehaus.org/browse/CONTINUUM-2604
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0373
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1025065
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516474/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8091
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0426
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43334
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65343
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516342/100/0/threaded
Various Sources x_refsource_confirm
http://continuum.apache.org/security.html
Patch mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Feb/236

Scores

EPSS 0.0420
EPSS Percentile 89.8%

Details

CWE
CWE-79
Status published
Products (25)
apache/archiva 1.0
apache/archiva 1.0.1
apache/archiva 1.0.2
apache/archiva 1.0.3
apache/archiva 1.1
apache/archiva 1.1.1
apache/archiva 1.1.2
apache/archiva 1.1.3
apache/archiva 1.1.4
apache/archiva 1.2
... and 15 more
Published Feb 17, 2011
Tracked Since Feb 18, 2026