HomePentest-Tools.com Logo

Apache ActiveMQ < 5.9.0 Multiple Cross Site Scripting Vulnerabilities CVE-2013-1879CVE-2013-1880

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Apache ActiveMQ is prone to multiple cross site scripting vulnerabilities.

Risk description

Multiple flaws exist due to: - an improper validation of the command in a user crontab file upon processing by the scheduled.jsp script - the Portfolio publisher servlet in the demo web application allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish Successful exploitation will allow attacker to execute arbitrary HTML and script code in a users browser session in the context of an affected site.

Recommendation

Upgrade to version 5.9.0 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jul 20, 2013
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available