cvelistv5 - cve-2013-2187

cve-2013-2187

Vulnerability from cvelistv5

Published

2014-04-22 14:00

Modified

2024-08-06 15:27

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

References

URL	Tags
secalert@redhat.com	http://archiva.apache.org/security.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/531884/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/66991
secalert@redhat.com	http://www.securitytracker.com/id/1030130
af854a3a-2127-422b-91ae-364da2661108	http://archiva.apache.org/security.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/531884/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66991
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030130

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:27:41.000Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66991",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66991"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://archiva.apache.org/security.html"
          },
          {
            "name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
          },
          {
            "name": "1030130",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030130"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-04-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "66991",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66991"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://archiva.apache.org/security.html"
        },
        {
          "name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
        },
        {
          "name": "1030130",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030130"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2187",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "66991",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66991"
            },
            {
              "name": "http://archiva.apache.org/security.html",
              "refsource": "CONFIRM",
              "url": "http://archiva.apache.org/security.html"
            },
            {
              "name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
            },
            {
              "name": "1030130",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030130"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-2187",
    "datePublished": "2014-04-22T14:00:00",
    "dateReserved": "2013-02-19T00:00:00",
    "dateUpdated": "2024-08-06T15:27:41.000Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC7E1832-3889-477D-9DA4-869B6867EBC3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F945FF3A-483C-4CD5-A413-0C354C15A99F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D1D107D-C022-43B4-BA64-0D39F31EE226\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F26131F0-693E-4245-9DC1-645B0EACD0D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FEC394AE-2522-476B-82A9-5F7410B55398\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C14AFD31-A944-4422-A142-AE95AD8E1424\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"19E4F29D-795C-4CE2-85CA-3322B1598F9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4803C6A2-1B9C-48E5-9495-15EA25176396\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:archiva:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"59818802-9A36-421C-B2C6-0AD8906A5BF7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de XSS en Apache Archiva 1.2 hasta 1.2.2 y 1.3 anterior a 1.3.8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\\u00e9s de par\\u00e1metros no especificados, relacionado con la p\\u00e1gina de inicio.\"}]",
      "id": "CVE-2013-2187",
      "lastModified": "2024-11-21T01:51:12.583",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-04-22T14:23:34.017",
      "references": "[{\"url\": \"http://archiva.apache.org/security.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/531884/100/0/threaded\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/66991\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1030130\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://archiva.apache.org/security.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/531884/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/66991\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1030130\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-2187\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2014-04-22T14:23:34.017\",\"lastModified\":\"2024-11-21T01:51:12.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de XSS en Apache Archiva 1.2 hasta 1.2.2 y 1.3 anterior a 1.3.8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, relacionado con la p\u00e1gina de inicio.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7E1832-3889-477D-9DA4-869B6867EBC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F945FF3A-483C-4CD5-A413-0C354C15A99F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D1D107D-C022-43B4-BA64-0D39F31EE226\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F26131F0-693E-4245-9DC1-645B0EACD0D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEC394AE-2522-476B-82A9-5F7410B55398\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C14AFD31-A944-4422-A142-AE95AD8E1424\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19E4F29D-795C-4CE2-85CA-3322B1598F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4803C6A2-1B9C-48E5-9495-15EA25176396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:archiva:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"59818802-9A36-421C-B2C6-0AD8906A5BF7\"}]}]}],\"references\":[{\"url\":\"http://archiva.apache.org/security.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/531884/100/0/threaded\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/66991\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1030130\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://archiva.apache.org/security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/531884/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/66991\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1030130\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

cve-2013-2187

Vulnerability from fkie_nvd

Published

2014-04-22 14:23

Modified

2024-11-21 01:51

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://archiva.apache.org/security.html	Patch, Vendor Advisory
secalert@redhat.com	http://www.securityfocus.com/archive/1/531884/100/0/threaded
secalert@redhat.com	http://www.securityfocus.com/bid/66991
secalert@redhat.com	http://www.securitytracker.com/id/1030130
af854a3a-2127-422b-91ae-364da2661108	http://archiva.apache.org/security.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/531884/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/66991
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1030130

Impacted products

Vendor	Product	Version
apache	archiva	1.2
apache	archiva	1.2.1
apache	archiva	1.2.2
apache	archiva	1.3
apache	archiva	1.3.1
apache	archiva	1.3.2
apache	archiva	1.3.3
apache	archiva	1.3.4
apache	archiva	1.3.5
apache	archiva	1.3.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7E1832-3889-477D-9DA4-869B6867EBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F945FF3A-483C-4CD5-A413-0C354C15A99F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCCF9A1C-7091-4D72-8AFC-5373F45FF7D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1D107D-C022-43B4-BA64-0D39F31EE226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F26131F0-693E-4245-9DC1-645B0EACD0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEC394AE-2522-476B-82A9-5F7410B55398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C14AFD31-A944-4422-A142-AE95AD8E1424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E4F29D-795C-4CE2-85CA-3322B1598F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4803C6A2-1B9C-48E5-9495-15EA25176396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:archiva:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "59818802-9A36-421C-B2C6-0AD8906A5BF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en Apache Archiva 1.2 hasta 1.2.2 y 1.3 anterior a 1.3.8 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de par\u00e1metros no especificados, relacionado con la p\u00e1gina de inicio."
    }
  ],
  "id": "CVE-2013-2187",
  "lastModified": "2024-11-21T01:51:12.583",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-04-22T14:23:34.017",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archiva.apache.org/security.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/66991"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1030130"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archiva.apache.org/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/66991"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1030130"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2013-2187

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-2187

Aliases

CVE-2013-2187

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-2187",
    "description": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.",
    "id": "GSD-2013-2187"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-2187"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.",
      "id": "GSD-2013-2187",
      "modified": "2023-12-13T01:22:17.808308Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-2187",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "66991",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/66991"
          },
          {
            "name": "http://archiva.apache.org/security.html",
            "refsource": "CONFIRM",
            "url": "http://archiva.apache.org/security.html"
          },
          {
            "name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
          },
          {
            "name": "1030130",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030130"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:archiva:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-2187"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://archiva.apache.org/security.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://archiva.apache.org/security.html"
            },
            {
              "name": "1030130",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030130"
            },
            {
              "name": "66991",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/66991"
            },
            {
              "name": "20140419 [SECURITY] CVE-2013-2187: Apache Archiva Cross-Site Scripting vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-09T19:34Z",
      "publishedDate": "2014-04-22T14:23Z"
    }
  }
}

ghsa-73x4-r3fj-rwhf

Vulnerability from github

Published

2022-05-14 02:54

Modified

2022-05-14 02:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-2187"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-22T14:23:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.",
  "id": "GHSA-73x4-r3fj-rwhf",
  "modified": "2022-05-14T02:54:26Z",
  "published": "2022-05-14T02:54:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2187"
    },
    {
      "type": "WEB",
      "url": "http://archiva.apache.org/security.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/531884/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/66991"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030130"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-2187

Vulnerability from cvelistv5

cve-2013-2187

Vulnerability from fkie_nvd

gsd-2013-2187

Vulnerability from gsd

ghsa-73x4-r3fj-rwhf

Vulnerability from github

Tags

Sightings

Nomenclature