The Portfolio publisher servlet in the demo web application in Apache ActiveMQ is vulnerable to cross-site scripting (XSS). The vulnerability allows remote attackers to inject arbitrary web script or HTML via the refresh
parameter in demo/portfolioPublish
.