{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-03-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "65615", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65615"}, {"name": "RHSA-2013:1029", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/AMQ-4398"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:20:36.416Z"}, "title": "CVE Program Container", "references": [{"name": "65615", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65615"}, {"name": "RHSA-2013:1029", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.apache.org/jira/browse/AMQ-4398"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-1880", "datePublished": "2014-02-05T18:00:00", "dateReserved": "2013-02-19T00:00:00", "dateUpdated": "2024-08-06T15:20:36.416Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A6A7D41-EFEB-4C83-991C-49C1B5A5C105", "versionEndIncluding": "5.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "436F59B9-507A-4B4E-A9F3-022616866151", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F58D9E69-CBF2-4FB6-B062-ED21F83CBCCB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "05D6EC30-88DC-4424-BF86-D9C0DA5E191C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "82ACD6BA-257F-49D0-8944-0991FB038533", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "C43FD7A1-FC03-47BC-B6C6-02C0F1466762", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7A8D571-2925-4F61-B3F0-8F4A3776F6EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "47B31CD9-A3BB-427C-A631-2E8168DD1985", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "6B904806-6796-4947-BDF4-EEA5681147E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "61B4A1EE-7F62-4602-A102-8AD8E9FD528F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "623530FC-12E9-480B-AFA0-C19FCFFA5D36", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5755A41-0DBE-4F54-A1C1-4F65DCC6ACD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "11AADFBF-AC60-4535-892C-BE90BE858172", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC5143E8-B392-4954-9C0D-DD39388B669F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el servlet editor de Portfolio en la aplicaci\u00f3n web demo en Apache ActiveMQ anterior a 5.9.0 permite a atacantes remotos inyectar script Web arbitrario o HTML a trav\u00e9s del par\u00e1metro refresh hacia demo/portfolioPublish, una vulnerabilidad distinta que CVE-2012-6092."}], "id": "CVE-2013-1880", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-02-05T18:55:06.253", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/65615"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "https://issues.apache.org/jira/browse/AMQ-4398"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-1029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65615"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://issues.apache.org/jira/browse/AMQ-4398"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2013:1029", "cpe": "cpe:/a:redhat:fuse_mq_enterprise:7.1.0", "product_name": "Fuse MQ Enterprise 7.1.0", "release_date": "2013-07-09T00:00:00Z"}], "bugzilla": {"description": "ActiveMQ: XSS vulnerability in portfolioPublish demo application", "id": "924447", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=924447"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092."], "name": "CVE-2013-1880", "package_state": [{"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Not affected", "package_name": "activemq", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Affected", "package_name": "fusesource", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2013-03-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-1880\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-1880"], "threat_severity": "Moderate"}