Privilege escalation via stored XSS using the file upload service to upload malicious content.
The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/04/18/2 | |
https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt | Mailing List Vendor Advisory |
Configurations
History
18 Apr 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user. | |
CPE | cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References |
|
|
References | (MISC) https://lists.apache.org/thread/8pm6d5y9cptznm0bdny3n8voovmm0dtt - Mailing List, Vendor Advisory |
29 Mar 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-29 13:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-28158
Mitre link : CVE-2023-28158
CVE.ORG link : CVE-2023-28158
JSON object : View
Products Affected
apache
- archiva
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')