A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into the Apache Archiva user management page. Versions 1.3.3 and earlier are affected.
ef5405a5cdb908fbdea9c2ca94e9485904f66d387638df61bed5396d7b39036a
A request that included a specially crafted request parameter could be used to inject arbitrary HTML or Javascript into Continuum project pages. Versions 1.3.6 and 1.4.0 Beta are affected along with unsupported, older revs.
0782a37ae7b67ae32bd44e36f19edd4ac64c7f6b85bc91cd4b7a0687e3f4cf9a