CVE-2013-1880
Apache ActiveMQ < 5.9.0 - Cross-Site Scripting via Portfolio Publisher Refresh Parameter
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1029.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65615
Exploit x_refsource_confirm
https://issues.apache.org/jira/browse/AMQ-4398
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=924447
Scores
EPSS
0.0137
EPSS Percentile
80.5%
Details
CWE
CWE-79
Status
published
Products (15)
apache/activemq
5.0.0
apache/activemq
5.1.0
apache/activemq
5.2.0
apache/activemq
5.3.0
apache/activemq
5.3.1
apache/activemq
5.3.2
apache/activemq
5.4.0
apache/activemq
5.4.1
apache/activemq
5.4.2
apache/activemq
5.5.0
... and 5 more
Published
Feb 05, 2014
Tracked Since
Feb 18, 2026