PT-2023-2336 · Apache · Apache Archiva
Sandr0 · Published 2023-03-29 · Updated 2023-04-18
CVE-2023-28158
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Apache Archiva (affected versions not specified)
Description
The issue is a privilege escalation via stored cross-site scripting (XSS): the file upload service is used to upload malicious content. An authenticated user who can create directories can choose directory names containing XSS payloads; when those names are later rendered, the script executes in another user's browser and can be used to gain that user's privileges, such as those of the admin user. The vulnerability therefore allows a remote attacker to carry out cross-site scripting attacks.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the file upload service until a patch is available, and restrict access to the directory creation feature to minimize the risk of exploitation. Avoid using the file upload service to upload unverified content until the issue is resolved.
XSS
Weakness Enumeration
Related identifiers
Affected products
Apache Archiva