An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1jOWd4LTI3aHEtd2N2as4AAdIK

Severity: Moderate
EPSS: 0.01367% (0.79624 Percentile)

Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet

Affected package: maven:org.apache.activemq:activemq-core
Affected versions: < 5.9.0
Fixed versions: 5.9.0
Dependent packages: 439
Dependent repositories: 7,483

Affected Version Ranges

All affected versions

4.1.1, 4.1.2, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.5.0, 5.5.1, 5.6.0, 5.7.0

All unaffected versions

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

References: