WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-1880 Vulnerability in maven package org.apache.activemq:activemq-web

Description

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1029.html

http://www.securityfocus.com/bid/65615

https://bugzilla.redhat.com/show_bug.cgi?id=924447

https://issues.apache.org/jira/browse/AMQ-4398

Related Vulnerabilities

CVE-2017-1000353 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-39619 Vulnerability in npm package node-email-check

CVE-2020-8178 Vulnerability in npm package jison

CVE-2020-35476 Vulnerability in maven package net.opentsdb:opentsdb

CVE-2023-40817 Vulnerability in maven package org.opencrx:opencrx-core-models

Severity

Critical

Classification

CWE-79

Tags

Exploit