SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2011-0533

Date: (C)2011-02-17 (M)2023-12-22

Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Reference:

SECTRACK-1025065

http://www.securityfocus.com/archive/1/516342/100/0/threaded

http://seclists.org/fulldisclosure/2011/Feb/236

http://www.securityfocus.com/archive/1/516474/100/0/threaded

http://mail-archives.apache.org/mod_mbox/continuum-users/201102.mbox/%3C981C0A79-5B7B-4053-84CC-3217870BE360%40apache.org%3E

continuum-unspec-xss(65343)

http://continuum.apache.org/security.html

http://jira.codehaus.org/browse/CONTINUUM-2604

http://svn.apache.org/viewvc?view=revision&revision=1066053

http://svn.apache.org/viewvc?view=revision&revision=1066056

oval:org.mitre.oval:def:12581

cpe:/a:apache:archiva:1.3
cpe:/a:apache:archiva:1.1
cpe:/a:apache:archiva:1.2
cpe:/a:apache:archiva:1.3.2
...

oval:org.secpod.oval:def:718

© SecPod Technologies