CVE-2016-4469 — CVSS 8.8 (high): Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.3.9 and earlier allow remote attackers to hijack the…
CVE-2017-5657 — CVSS 8.0 (high): Several REST service endpoints of Apache Archiva are not protected against Cross Site Request Forgery (CSRF) attacks. A malicious site…
CVE-2024-27138 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user…
CVE-2024-27139 — CVSS 7.5 (high): ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an…
CVE-2022-40308 — CVSS 7.5 (high): If anonymous read enabled, it's possible to read the database file directly without logging in.
CVE-2011-1026 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote…
CVE-2010-4408 — CVSS 6.8 (medium): Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's…
CVE-2010-3449 — CVSS 6.8 (medium): Cross-site request forgery (CSRF) vulnerability in Redback before 1.2.4, as used in Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4…
CVE-2019-0213 — CVSS 6.5 (medium): In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code into central configuration entries, i.e. the logo URL. The…
CVE-2019-0214 — CVSS 6.5 (medium): In Apache Archiva 2.0.0 - 2.2.3, it is possible to write files to the archiva server at arbitrary locations by using the artifact upload…
CVE-2022-29405 — CVSS 6.5 (medium): In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
CVE-2023-28158 — CVSS 6.5 (medium): Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by…
CVE-2024-27140 — CVSS 5.4 (medium): ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in…
CVE-2020-9495 — CVSS 5.3 (medium): Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the…
CVE-2016-5005 — CVSS 4.8 (medium): Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authenticated administrators to inject arbitrary…
CVE-2013-2187 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject…
CVE-2011-0533 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3…
CVE-2011-1077 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to…