Apache · Apache Archiva · CVE-2011-1077
**Name of the Vulnerable Software and Affected Versions**
Apache Archiva versions 1.0 through 1.2.2
Apache Archiva versions 1.3.x before 1.3.5
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities.
**Recommendations**
For Apache Archiva versions 1.0 through 1.2.2, update to version 1.2.3 or later.
For Apache Archiva versions 1.3.x before 1.3.5, update to version 1.3.5 or later.