Apache Archiva is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application. Other attacks are also possible. The following versions are affected: Archiva versions 1.0 through 1.0.3 Archiva versions 1.1 through 1.1.4 Archiva versions 1.2 through 1.2.2 Archiva versions 1.3 through 1.3.1
Updates are available. Please see the reference for more details.
- An Image Gallery Directory Traversal Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- Allaire JRun directory browsing vulnerability