CVE-2013-1880 – org.apache.activemq:activemq-core

Package

Manager: maven
Name: org.apache.activemq:activemq-core
Vulnerable Version: >=0 <5.9.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.0101 pctl0.76247

Details

Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

Metadata

Created: 2022-05-17T03:46:32Z
Modified: 2023-12-20T18:52:18Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c9gx-27hq-wcvj/GHSA-c9gx-27hq-wcvj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-c9gx-27hq-wcvj
Finding: F008
Auto approve: 1