CVE-2013-1880

Summary

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

Impact & exploitability

AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected products we track (1)

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

• NVD record
• http://rhn.redhat.com/errata/RHSA-2013-1029.html
• http://www.securityfocus.com/bid/65615
• https://bugzilla.redhat.com/show_bug.cgi?id=924447
• https://issues.apache.org/jira/browse/AMQ-4398Exploit