CVE-2012-6092

Low

Low Medium High Critical

CVSS Score

Published: Apr 21, 2013

Last Modified: Apr 11, 2025

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js. NOTE: AMQ-4124 is covered by CVE-2012-6551.

Known Affected Software

32 configuration(s) from 1 vendor(s)

activemq

Version:

3.2.2

CPE:

cpe:2.3:a:apache:activemq:3.2.2:*:*:*:*:*:*:*

activemq

Version:

4.0.2

CPE:

cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*

activemq

Version:

5.4.2

CPE:

cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*

activemq

Version:

2.0

CPE:

cpe:2.3:a:apache:activemq:2.0:*:*:*:*:*:*:*

activemq

Version:

3.0

CPE:

cpe:2.3:a:apache:activemq:3.0:*:*:*:*:*:*:*

activemq

Version:

5.3.0

CPE:

cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*

activemq

Version:

1.5

CPE:

cpe:2.3:a:apache:activemq:1.5:*:*:*:*:*:*:*

activemq

Version:

5.4.3

CPE:

cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*

activemq

Version:

5.0.0

CPE:

cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*

activemq

Version:

3.2

CPE:

cpe:2.3:a:apache:activemq:3.2:*:*:*:*:*:*:*

activemq

Version:

5.3.2

CPE:

cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*

activemq

Version:

4.1.2

CPE:

cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*

activemq

Version:

3.1

CPE:

cpe:2.3:a:apache:activemq:3.1:*:*:*:*:*:*:*

activemq

Version:

1.3

CPE:

cpe:2.3:a:apache:activemq:1.3:*:*:*:*:*:*:*

activemq

Version:

4.0

CPE:

cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*

activemq

Version:

5.4.1

CPE:

cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*

activemq

Version:

5.2.0

CPE:

cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*

activemq

Version:

5.3.1

CPE:

cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*

activemq

Version:

5.7.0

CPE:

cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*

activemq

Version:

1.1

CPE:

cpe:2.3:a:apache:activemq:1.1:*:*:*:*:*:*:*

activemq

Version:

1.4

CPE:

cpe:2.3:a:apache:activemq:1.4:*:*:*:*:*:*:*

activemq

Version:

4.0.1

CPE:

cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*

activemq

Version:

3.2.1

CPE:

cpe:2.3:a:apache:activemq:3.2.1:*:*:*:*:*:*:*

activemq

Version:

1.2

CPE:

cpe:2.3:a:apache:activemq:1.2:*:*:*:*:*:*:*

activemq

Version:

5.1.0

CPE:

cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*

activemq

Version:

4.1.0

CPE:

cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*

activemq

Version:

2.1

CPE:

cpe:2.3:a:apache:activemq:2.1:*:*:*:*:*:*:*

activemq

Version:

5.5.1

CPE:

cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*

activemq

Version:

5.5.0

CPE:

cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*

activemq

Version:

5.4.0

CPE:

cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*

activemq

Version:

5.6.0

CPE:

cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*

activemq

Version:

4.1.1

CPE:

cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*

This vulnerability affects 32 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood: High
Typical Severity: Medium
OWASP Top 10: A03:2021-Injection
Abstraction Level: Base