CVE-2013-1880

medium Apache
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Score
1.4%
Exploitation probability in 30 days
Top 20% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: February 5, 2014 (4481 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.

CWE

CWE-79

Affected Products

apache activemq

References

🔗 rhn.redhat.com 🔗 www.securityfocus.com 🔗 bugzilla.redhat.com 🔗 issues.apache.org 🔗 rhn.redhat.com