Description

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://secunia.com/advisories/62649

http://www.securityfocus.com/bid/72511

https://exchange.xforce.ibmcloud.com/vulnerabilities/100724

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2020-2182 Vulnerability in maven package org.jenkins-ci.plugins:credentials-binding

CVE-2022-36886 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job

CVE-2023-24437 Vulnerability in maven package org.jenkins-ci.plugins:jira-steps

CVE-2020-11972 Vulnerability in maven package org.apache.camel:camel-rabbitmq

CVE-2016-0710 Vulnerability in maven package org.apache.portals.jetspeed-2:jetspeed-security

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory