Moderate severityNVD Advisory· Published Feb 5, 2014· Updated Jun 16, 2026
CVE-2013-1880
CVE-2013-1880
Description
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.activemq:activemq-coreMaven | < 5.9.0 | 5.9.0 |
Affected products
15cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*range: <=5.8.0
- cpe:2.3:a:apache:activemq:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:activemq:5.7.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- issues.apache.org/jira/browse/AMQ-4398nvdExploitWEB
- github.com/advisories/GHSA-c9gx-27hq-wcvjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-1880ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2013-1029.htmlnvdWEB
- www.securityfocus.com/bid/65615nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/apache/activemq/commit/fafd12dfd4f71336f8e32c090d40ed1445959b40ghsaWEB
News mentions
0No linked articles in our index yet.