Search for packages
| purl | pkg:maven/org.apache.archiva/archiva@1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7aky-87dx-nfab
Aliases: CVE-2011-0533 GHSA-7382-fv7p-v9v3 |
Apache Continuum and Archiva vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table. |
Affected by 0 other vulnerabilities. |
|
VCID-wz1h-4zzv-8yde
Aliases: CVE-2010-4408 GHSA-5p54-jj38-3hxj |
Apache Archiva does not require entry of the administrator's password at the time of modifying a user account Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a (1) unattended workstation or (2) cross-site request forgery (CSRF) vulnerability, a related issue to CVE-2010-3449. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:43:32.821497+00:00 | GitLab Importer | Affected by | VCID-wz1h-4zzv-8yde | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.archiva/archiva/CVE-2010-4408.yml | 38.6.0 |
| 2026-06-02T04:43:19.191289+00:00 | GitLab Importer | Affected by | VCID-7aky-87dx-nfab | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.archiva/archiva/CVE-2011-0533.yml | 38.6.0 |