apache activemq is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victimβs browser via the refresh
parameter to PortfolioPublishServlet.java
, and through debug logs or subscribe messages in webapp/websocket/chat.js
.