CVE-2011-0533
Apache Continuum 1.1-1.4.0 Beta and Archiva 1.0-1.3.3 - Cross-Site Scripting via Auto-Included Table Parameters
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.
References (18)
Core 18
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/70925
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1066056
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46311
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43261
Various Sources x_refsource_confirm
http://jira.codehaus.org/browse/CONTINUUM-2604
Various Sources mailing-list
x_refsource_mlist
http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360%40apache.org%3E
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0373
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1025065
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516474/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12581
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8091
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1066053
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0426
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43334
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65343
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516342/100/0/threaded
Various Sources x_refsource_confirm
http://continuum.apache.org/security.html
Patch mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2011/Feb/236
Scores
EPSS
0.0420
EPSS Percentile
89.8%
Details
CWE
CWE-79
Status
published
Products (25)
apache/archiva
1.0
apache/archiva
1.0.1
apache/archiva
1.0.2
apache/archiva
1.0.3
apache/archiva
1.1
apache/archiva
1.1.1
apache/archiva
1.1.2
apache/archiva
1.1.3
apache/archiva
1.1.4
apache/archiva
1.2
... and 15 more
Published
Feb 17, 2011
Tracked Since
Feb 18, 2026