CVE-2023-28158
Published Mar 29, 2023
Last updated 2 years ago
Overview
- Description: Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users who can create a directory name to inject XSS content and gain privileges such as those of an admin user.
- Source: security@apache.org
- NVD status: Modified
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 5.4
- Impact score: 2.7
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
Weaknesses
- security@apache.org: CWE-79
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:archiva:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95454E36-5438-4F8A-BB13-073645DAA1C4", "versionEndExcluding": "2.2.10", "versionStartIncluding": "2.0" } ], "operator": "OR" } ] } ]