CVE-2012-6092

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

🔗 References (12)

secalert@redhathttp://activemq.apache.org/activemq-580-release.html
secalert@redhathttp://rhn.redhat.com/errata/RHSA-2013-1029.html
secalert@redhathttp://www.securityfocus.com/bid/59400
secalert@redhathttps://fisheye6.atlassian.com/changelog/activemq?cs=1399577
secalert@redhathttps://issues.apache.org/jira/browse/AMQ-4115
secalert@redhathttps://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282
af854a3a-2127-422b-91ae-364da2661108http://activemq.apache.org/activemq-580-release.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-1029.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/59400
af854a3a-2127-422b-91ae-364da2661108https://fisheye6.atlassian.com/changelog/activemq?cs=1399577
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/AMQ-4115
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12311210&version=12323282

Is Your Infrastructure Affected by CVE-2012-6092?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2012-6092

📅 Published

🔄 Last Modified

🔗 References (12)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2012-6092?