Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/04/2013 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ prior to 5.8.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache activemq 5.3.0
apache activemq 4.1.0
apache activemq 5.4.0
apache activemq 5.5.1
apache activemq 5.4.1
apache activemq 5.3.1
apache activemq 5.2.0
apache activemq 5.0.0
apache activemq 4.0
apache activemq 4.0.2
apache activemq
apache activemq 4.0.1
apache activemq 5.1.0
apache activemq 5.5.0
apache activemq 5.3.2
apache activemq 4.1.1
apache activemq 5.6.0
apache activemq 5.4.2

CWE-79 https://issues.apache.org/jira/browse/AMQ-4115 https://fisheye6.atlassian.com/changelog/activemq?cs=1399577 http://activemq.apache.org/activemq-580-release.html https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282 http://rhn.redhat.com/errata/RHSA-2013-1029.html http://www.securityfocus.com/bid/59400 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2012-6092

Vulnerability Summary

References

Vulmon Search

About

Products

Connect