WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2012-6092 Vulnerability in maven package org.apache.activemq:activemq-web

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Remediation

References

http://activemq.apache.org/activemq-580-release.html

http://rhn.redhat.com/errata/RHSA-2013-1029.html

http://www.securityfocus.com/bid/59400

https://fisheye6.atlassian.com/changelog/activemq?cs=1399577

https://issues.apache.org/jira/browse/AMQ-4115

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282

Related Vulnerabilities

CVE-2020-19698 Vulnerability in npm package editor.md

CVE-2022-0748 Vulnerability in npm package post-loader

CVE-2019-10401 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-32070 Vulnerability in maven package org.xwiki.platform:xwiki-core-rendering-api

CVE-2017-16019 Vulnerability in npm package gitbook

Severity

Critical

Classification

CWE-79