CVE-2012-6092 – org.apache.activemq:activemq-core

Package

Manager: maven
Name: org.apache.activemq:activemq-core
Vulnerable Version: >=0 <5.8.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01945 pctl0.82736

Details

Cross-site Scripting in Apache ActiveMQ Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Metadata

Created: 2022-05-17T03:46:33Z
Modified: 2024-03-05T18:51:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rp9p-863f-9c4h/GHSA-rp9p-863f-9c4h.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-rp9p-863f-9c4h
Finding: F008
Auto approve: 1