Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to remote command execution.
6016752b96e92a44c9cf1eebaa5b10137807afe16bffa1cffa6f222ce1c77103
Apache Archiva versions 1.3 through Continuum 1.3.6 and versions 1.2 through 1.2.2 are vulnerable to a cross site scripting issue.
f3dd2a6339f2b9cb29bc32104faba46017ede0de57263310b410cddaa5374bbf
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
ef5405a5cdb908fbdea9c2ca94e9485904f66d387638df61bed5396d7b39036a
Apache Continuum versions 1.3.6 and 1.4.0 Beta suffer from a cross site request forgery vulnerability. Earlier unsupported versions are also vulnerable.
ce3bb3132116881504d85a987dcae5a6efc2e7aa84e4ad9fc0ce456ec27175e2
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.
0782a37ae7b67ae32bd44e36f19edd4ac64c7f6b85bc91cd4b7a0687e3f4cf9a