Description

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1029.html

http://www.securityfocus.com/bid/65615

https://bugzilla.redhat.com/show_bug.cgi?id=924447

https://issues.apache.org/jira/browse/AMQ-4398

Related Vulnerabilities

CVE-2022-1291 Vulnerability in maven package org.webjars.bower:tableexport.jquery.plugin

CVE-2023-49371 Vulnerability in maven package com.ruoyi:ruoyi

CVE-2019-18212 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.emmet

CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-server

CVE-2022-40152 Vulnerability in maven package com.fasterxml.woodstox:woodstox-core

Severity

Critical

Classification

CWE-79

Tags

Exploit