CVE-2013-1880

Apache Activemq < 5.8.0 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

References (4)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-1029.html

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=924447

[Exploit] https://issues.apache.org/jira/browse/AMQ-4398

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65615

Scores

EPSS 0.0137

EPSS Percentile 80.1%

Details

CWE

CWE-79

Status published

Products (16)

apache/activemq < 5.8.0

apache/activemq

... and 6 more

Published Feb 05, 2014

Tracked Since Feb 18, 2026