Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jOWd4LTI3aHEtd2N2as4AAdIK

Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

Permalink: https://github.com/advisories/GHSA-c9gx-27hq-wcvj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jOWd4LTI3aHEtd2N2as4AAdIK
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 10 months ago


Identifiers: GHSA-c9gx-27hq-wcvj, CVE-2013-1880
References: Repository: https://github.com/apache/activemq
Blast Radius: 0.0

Affected Packages

maven:org.apache.activemq:activemq-core
Dependent packages: 439
Dependent repositories: 7,483
Downloads:
Affected Version Ranges: < 5.9.0
Fixed in: 5.9.0
All affected versions: 4.1.1, 4.1.2, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.3.1, 5.3.2, 5.4.0, 5.4.1, 5.4.2, 5.4.3, 5.5.0, 5.5.1, 5.6.0, 5.7.0
All unaffected versions: