CVE-2011-0533
Apache Continuum and Archiva vulnerable to Cross-site Scripting
EPSS 12.8%
Description
Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 through 1.2.3.1, 1.3.6, and 1.4.0 Beta; and Archiva 1.3.0 through 1.3.3 and 1.0 through 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to the autoIncludeParameters setting for the extremecomponents table.
How to fix CVE-2011-0533
To remediate CVE-2011-0533, upgrade the affected package to a fixed version below.
- Maven/org.apache.archiva:archiva—upgrade to 1.3.4 or later
- Maven/org.apache.continuum:continuum—upgrade to 1.3.7 or later
Is CVE-2011-0533 being exploited?
Moderate — EPSS is 12.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- >= 1.0, < 1.3.4
- >= 1.1, < 1.3.7