Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.22ID: oval:org.secpod.oval:def:718 | Date: (C)2011-04-19 (M)2023-11-09 |
Class: VULNERABILITY | Family: windows |
The host is installed with Apache Continuum or Apache Archiva and is prone to cross-site scripting (XSS) vulnerability. A flaw is present in the applications which is caused by improper validation of user-supplied input. Successful exploitation allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows XP |
Product: |
Apache Archiva |
Apache Continuum |