cvedb.io
CVE-2019-0213
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2019-04-30T22:29:00.793 · Last modified 2026-06-17T02:07:59.353

Summary

In Apache Archiva before 2.2.4, it may be possible to store malicious XSS code in central configuration entries, i.e. the logo URL. The vulnerability is considered a minor risk, because exploiting it requires either a user with the admin role (only such users can change the configuration) or a compromise of the communication between the browser and the Archiva server.

Affected products

apache — archiva

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.