VDB
CVE-2013-1880
CVE-2013-1880
PUBLISHED
CVSS 4.300000190734863 MEDIUM
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
EPSS 1.37% · 80.5th percentile
Risk Scores
CVSS v2.0
4.300000190734863
EPSS Score
1.37%
80.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| apache | activemq | 0, 5.0.0, 5.2.0 |
| n/a | n/a | n/a |
| Maven | org.apache.activemq:activemq-core | 0 |
Timeline
- Feb 5, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 1, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 6, 2023 EPSS Score
References
- 65615 vdb
- RHSA-2013:1029 vendor-advisory
- https://issues.apache.org/jira/browse/AMQ-4398 url
- https://bugzilla.redhat.com/show_bug.cgi?id=924447 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-1880 advisory
- https://github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40 url
- https://github.com/apache/activemq url