archiva-repository-admin-default is vulnerable to cross-site scripting. A remote authenticated attacker who has administrative access to modify the central configurations, is able to inject arbitrary Javascript into a victim’s browser via the central configuration entries such as the logo URL.