CVSS Score
The GitHub commit fafd12d shows that the vulnerability was fixed by adding HTML escaping to the 'refresh' parameter output in PortfolioPublishServlet.java. The vulnerability description specifically mentions XSS via the refresh parameter to demo/portfolioPublish, which maps to this servlet's doGet method. The pre-patch code (out.print(refreshRate)) wrote the parameter to the response without sanitization, while the post-patch code uses escape(refreshRate), confirming that this was the vulnerable code path.
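The following is an added illustration of the fix pattern described above, not code from ActiveMQ or from commit fafd12d: a request parameter reflected verbatim into HTML output, beside the same output passed through an HTML escaper first. The class name, the escape() implementation, the meta-refresh output context and the sample inputs are assumptions made for the example.

```java
import java.io.PrintWriter;
import java.io.StringWriter;

/**
 * Added example (not ActiveMQ's code). Shows the before/after shape of a
 * reflected-XSS fix: out.print(param) versus out.print(escape(param)).
 * The HTML context (a meta refresh tag) and the helper names are assumptions.
 */
public class RefreshParamEscapingDemo {

    /** Minimal HTML escaper, safe for text in an HTML body or a double-quoted attribute. */
    static String escape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Pre-patch shape: the untrusted parameter is written straight into the page. */
    static String renderVulnerable(String refreshRate) {
        StringWriter sw = new StringWriter();
        PrintWriter out = new PrintWriter(sw);
        out.print("<meta http-equiv=\"refresh\" content=\"");
        out.print(refreshRate); // reflected XSS sink: no encoding for the HTML attribute context
        out.print("\">");
        out.flush();
        return sw.toString();
    }

    /** Post-patch shape: identical output, but the value is escaped before it reaches the page. */
    static String renderFixed(String refreshRate) {
        StringWriter sw = new StringWriter();
        PrintWriter out = new PrintWriter(sw);
        out.print("<meta http-equiv=\"refresh\" content=\"");
        out.print(escape(refreshRate)); // quotes and angle brackets become entities
        out.print("\">");
        out.flush();
        return sw.toString();
    }

    /**
     * Defence in depth (assumed, not part of the described fix): a refresh interval
     * should only ever be a short positive integer, so reject anything else up front.
     */
    static int parseRefreshRate(String raw, int defaultSeconds) {
        if (raw == null || !raw.matches("\\d{1,4}")) {
            return defaultSeconds;
        }
        return Integer.parseInt(raw);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a benign interval and one that breaks out of the attribute.
        String benign = "5";
        String hostile = "5\"><script>alert(1)</script>";

        System.out.println(renderVulnerable(benign));
        System.out.println(renderVulnerable(hostile)); // attribute closed, script tag survives intact
        System.out.println(renderFixed(hostile));      // &quot;&gt;&lt;script&gt;... rendered as inert text
        System.out.println(parseRefreshRate(hostile, 5)); // 5: hostile value rejected, default used
    }
}
```

Output encoding is the fix the page describes; the numeric allow-list in parseRefreshRate is an additional control that makes the parameter's type match its purpose, so a non-numeric value never reaches the output path at all.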
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.apache.activemq:activemq-core | maven | < 5.9.0 | 5.9.0 |