English
EN
Français
FR
Language
English
EN
Français
FR

CVE Vulnerabilities

Posts & Pages

No results found for ""

Try different keywords or check spelling

Search in CVE database, posts & pages • Press ESC to close

DNA View

CVE-2013-1879

Low
Low Medium High Critical
CVSS Score
Published: Jul 20, 2013
Last Modified: Apr 11, 2025
CWE: CWE-79

Vulnerability Description

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."

Known Affected Software

33 configuration(s) from 1 vendor(s)

activemq
Version:
3.2.2
CPE:
cpe:2.3:a:apache:activemq:3.2.2:*:*:*:*:*:*:*
activemq
Version:
4.0.2
CPE:
cpe:2.3:a:apache:activemq:4.0.2:*:*:*:*:*:*:*
activemq
Version:
5.4.2
CPE:
cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
activemq
Version:
2.0
CPE:
cpe:2.3:a:apache:activemq:2.0:*:*:*:*:*:*:*
activemq
Version:
3.0
CPE:
cpe:2.3:a:apache:activemq:3.0:*:*:*:*:*:*:*
activemq
Version:
5.3.0
CPE:
cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
activemq
Version:
1.5
CPE:
cpe:2.3:a:apache:activemq:1.5:*:*:*:*:*:*:*
activemq
Version:
5.4.3
CPE:
cpe:2.3:a:apache:activemq:5.4.3:*:*:*:*:*:*:*
activemq
Version:
5.0.0
CPE:
cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
activemq
Version:
3.2
CPE:
cpe:2.3:a:apache:activemq:3.2:*:*:*:*:*:*:*
activemq
Version:
5.3.2
CPE:
cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
activemq
Version:
5.8.0
CPE:
cpe:2.3:a:apache:activemq:5.8.0:*:*:*:*:*:*:*
activemq
Version:
4.1.2
CPE:
cpe:2.3:a:apache:activemq:4.1.2:*:*:*:*:*:*:*
activemq
Version:
3.1
CPE:
cpe:2.3:a:apache:activemq:3.1:*:*:*:*:*:*:*
activemq
Version:
1.3
CPE:
cpe:2.3:a:apache:activemq:1.3:*:*:*:*:*:*:*
activemq
Version:
4.0
CPE:
cpe:2.3:a:apache:activemq:4.0:*:*:*:*:*:*:*
activemq
Version:
5.4.1
CPE:
cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
activemq
Version:
5.2.0
CPE:
cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
activemq
Version:
5.3.1
CPE:
cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
activemq
Version:
5.7.0
CPE:
cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
activemq
Version:
1.1
CPE:
cpe:2.3:a:apache:activemq:1.1:*:*:*:*:*:*:*
activemq
Version:
1.4
CPE:
cpe:2.3:a:apache:activemq:1.4:*:*:*:*:*:*:*
activemq
Version:
4.0.1
CPE:
cpe:2.3:a:apache:activemq:4.0.1:*:*:*:*:*:*:*
activemq
Version:
3.2.1
CPE:
cpe:2.3:a:apache:activemq:3.2.1:*:*:*:*:*:*:*
activemq
Version:
1.2
CPE:
cpe:2.3:a:apache:activemq:1.2:*:*:*:*:*:*:*
activemq
Version:
5.1.0
CPE:
cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
activemq
Version:
4.1.0
CPE:
cpe:2.3:a:apache:activemq:4.1.0:*:*:*:*:*:*:*
activemq
Version:
2.1
CPE:
cpe:2.3:a:apache:activemq:2.1:*:*:*:*:*:*:*
activemq
Version:
5.5.1
CPE:
cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
activemq
Version:
5.5.0
CPE:
cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
activemq
Version:
5.4.0
CPE:
cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
activemq
Version:
5.6.0
CPE:
cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
activemq
Version:
4.1.1
CPE:
cpe:2.3:a:apache:activemq:4.1.1:*:*:*:*:*:*:*
This vulnerability affects 33 software configuration(s). Ensure you patch all affected systems.

References & Resources

Severity Details

out of 10.0
Low

Weakness Type (CWE)

CWE-79 Top 25 #1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Exploit Likelihood
High
Typical Severity
Medium
OWASP Top 10
A03:2021-Injection
Abstraction Level
Base
View CWE Details on MITRE

Key Information

Published Date
July 20, 2013

External Resources

NIST
NIST NVD
National Vulnerability Database
MT
MITRE CVE
Official CVE record