Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:25648
HistoryFeb 11, 2011 - 12:00 a.m.

[SECURITY] CVE-2011-0533: Apache Continuum cross-site scripting vulnerability

2011-02-1100:00:00
vulners.com
19
JSON

CVE-2011-0533: Apache Continuum cross-site scripting vulnerability

Severity: Important

Vendor:
The Apache Software Foundation

Versions Affected:
Continuum 1.3.6
Continuum 1.4.0 (Beta)
The unsupported versions Continuum 1.1 - 1.2.3.1 are also affected.

Description:
A request that included a specially crafted request parameter could be
used to inject arbitrary HTML or Javascript into Continuum project
pages.

Mitigation:
Continuum 1.3.6 and earlier users should upgrade to 1.3.7

Continuum 1.4.0 (Beta) users should apply the following patch:
http://svn.apache.org/viewvc?view=revision&revision=1066056

Credit:
This issue was discovered by Tal Be'ery of Imperva.

References:
http://continuum.apache.org/security.html


Brett Porter
[email protected]
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter

Related

cve 1
openvas 1
prion 1
securityvulns 2
cve
cve
CVE-2011-0533
2011-02-17 18:00:00
openvas
openvas
Apache Continuum Cross Site Scripting Vulnerability
2011-02-11 00:00:00
prion
prion
Cross site scripting
2011-02-17 18:00:00
securityvulns
securityvulns
[SECURITY] CVE-2011-0533: Apache Archiva cross-site scripting vulnerability
2011-02-17 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-02-11 00:00:00
JSON
Related for SECURITYVULNS:DOC:25648
cve1openvas1prion1securityvulns2