Lucene search
HistoryMar 01, 2024 - 4:15 p.m.
CVE-2024-27140
cve-2024-27140
web page generation
cross-site scripting
apache archiva
vulnerability
security
input neutralization
retired project
unsupported
http proxy
malicious characters
nvd
UNSUPPORTED WHEN ASSIGNED
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Apache Archiva.
This issue affects Apache Archiva: from 2.0.0.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Related
osv
osv
Apache Archiva Reflected Cross-site Scripting vulnerability
2024-03-01 18:30:23
veracode
veracode
Cross Site Scripting(XSS)
2024-03-04 04:50:48
github
github
Apache Archiva Reflected Cross-site Scripting vulnerability
2024-03-01 18:30:23
prion
prion
Cross site scripting
2024-03-01 16:15:00
cvelist
cvelist
CVE-2024-27140 Apache Archiva: reflected XSS
2024-03-01 15:40:08