CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
Percentile
76.8%
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.
Vendor | Product | Version | CPE |
---|---|---|---|
org.apache.activemq\ | activemq | core | cpe:2.3:a:org.apache.activemq\:activemq:core:*:*:*:*:*:*:*:* |
activemq.apache.org/activemq-580-release.html
rhn.redhat.com/errata/RHSA-2013-1029.html
www.securityfocus.com/bid/59400
fisheye6.atlassian.com/changelog/activemq?cs=1399577
github.com/advisories/GHSA-rp9p-863f-9c4h
github.com/apache/activemq/commit/51eb87a84be88d28383ea48f6e341ffe1203c5ba
issues.apache.org/jira/browse/AMQ-4115
issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
nvd.nist.gov/vuln/detail/CVE-2012-6092