WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2012-6092 Vulnerability in maven package org.apache.activemq:activemq-web

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Remediation

References

http://activemq.apache.org/activemq-580-release.html

http://rhn.redhat.com/errata/RHSA-2013-1029.html

http://www.securityfocus.com/bid/59400

https://fisheye6.atlassian.com/changelog/activemq?cs=1399577

https://issues.apache.org/jira/browse/AMQ-4115

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282

Related Vulnerabilities

CVE-2020-7691 Vulnerability in maven package org.webjars.npm:jspdf

CVE-2017-16821 Vulnerability in maven package org.b3log:symphony

CVE-2023-22491 Vulnerability in npm package gatsby-transformer-remark

CVE-2020-2230 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2016-1000229 Vulnerability in maven package org.webjars.npm:swagger-ui

Severity

Critical

Classification

CWE-79