Description

Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://secunia.com/advisories/62649

http://www.securityfocus.com/bid/72511

https://exchange.xforce.ibmcloud.com/vulnerabilities/100724

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2020-2271 Vulnerability in maven package org.jenkins-ci.plugins:locked-files-report

CVE-2022-32549 Vulnerability in maven package org.apache.sling:org.apache.sling.commons.log

CVE-2023-24453 Vulnerability in maven package org.jenkins-ci.plugins:testquality-updater

CVE-2022-41678 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2023-46998 Vulnerability in maven package org.webjars.bowergithub.makeusabrew:bootbox

Severity

Critical

Classification

CWE-79

Tags

Vendor Advisory