CVE-2013-1880 — Cross-site Scripting in Apache Activemq

CWE-79 — Cross-site Scripting8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
1.4%
top 19.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Activemq
Timeline
PublishedFeb 5
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDapache/activemq5.8.0+13

🔴Vulnerability Details

3
OSV
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet↗2022-05-17
â–¶
GHSA
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet↗2022-05-17
â–¶
CVEList
CVE-2013-1880: Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5↗2014-02-05
â–¶

📋Vendor Advisories

2
Red Hat
ActiveMQ: XSS vulnerability in portfolioPublish demo application↗2013-03-21
â–¶
Debian
CVE-2013-1880: activemq - Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in t...↗2013
â–¶

💬Community

2
Bugzilla
CVE-2013-1879 CVE-2013-1880 activemq various flaws [fedora-18]↗2013-03-21
â–¶
Bugzilla
CVE-2013-1880 ActiveMQ: XSS vulnerability in portfolioPublish demo application↗2013-03-21
â–¶
CVE-2013-1880 — Cross-site Scripting in Apache Activemq | cvebase