Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2012-6092

Опубликовано: 18 окт. 2012
Источник: redhat
CVSS2: 4.3

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Enterprise 1activemqNot affected
Red Hat JBoss Enterprise Web Server 1amqNot affected
Red Hat JBoss Enterprise Web Server 1fuse-6.0Not affected
Red Hat JBoss Enterprise Web Server 1fuse-esb-7.1Affected
Red Hat JBoss Enterprise Web Server 1fuse-mb-5.5.1Will not fix
Red Hat JBoss Enterprise Web Server 1fuse-mc-7.1.0Not affected
Red Hat JBoss Enterprise Web Server 1fuse-mq-7.1Affected
Red Hat JBoss Enterprise Web Server 1fuse-othersWill not fix
Red Hat JBoss Enterprise Web Server 1othersNot affected
Red Hat JBoss SOA Platform 4.3activemqWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=955906activemq: Multiple XSS flaws in web demos

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2012-6092

ubuntu
почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

nvd логотип

CVE-2012-6092

nvd
почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

debian логотип

CVE-2012-6092

debian
почти 13 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the web demos i ...

github логотип

GHSA-rp9p-863f-9c4h

github
больше 3 лет назад

Cross-site Scripting in Apache ActiveMQ

4.3 Medium

CVSS2