Deng Ching

**Name of the Vulnerable Software and Affected Versions** Apache Archiva versions 1.0 through 1.2.2 Apache Archiva versions 1.3.x before 1.3.5 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which can lead to multiple cross-site scripting (XSS) vulnerabilities. **Recommendations** For Apache Archiva versions 1.0 through 1.2.2, update to version 1.2.3 or later. For Apache Archiva versions 1.3.x before 1.3.5, update to version 1.3.5 or later.