Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jOWd4LTI3aHEtd2N2as4AAdIK
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
Permalink: https://github.com/advisories/GHSA-c9gx-27hq-wcvj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOWd4LTI3aHEtd2N2as4AAdIK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 10 months ago
Identifiers: GHSA-c9gx-27hq-wcvj, CVE-2013-1880
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-1880
- https://bugzilla.redhat.com/show_bug.cgi?id=924447
- https://issues.apache.org/jira/browse/AMQ-4398
- http://rhn.redhat.com/errata/RHSA-2013-1029.html
- http://www.securityfocus.com/bid/65615
- https://github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40
- https://github.com/advisories/GHSA-c9gx-27hq-wcvj
Blast Radius: 0.0
Affected Packages
maven:org.apache.activemq:activemq-core
Dependent packages: 439
Dependent repositories: 7,483
Downloads:
Affected Version Ranges: < 5.9.0
Fixed in: 5.9.0
All affected versions: 4.1.1, 4.1.2, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.5.0, 5.5.1, 5.6.0, 5.7.0
All unaffected versions: