-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.archiva:archiva | maven | < 2.2.1 | 2.2.1 |
Miggo AIRoot Cause AnalysisThe vulnerability stems from unsanitized processing of the 'connector.sourceRepoId' parameter in the '/admin/addProxyConnector_commit.action' endpoint. The action handler (likely in an AdminAction class) accepts this parameter and persists it without neutralization. The stored value is later reflected in administrative pages like 'Proxy Connectors' and 'Delete Proxy Connector' without output encoding, enabling XSS. While the exact code isn't available, Struts framework conventions and the advisory's endpoint/parameter specificity strongly indicate the action handler as the vulnerable function.