CVE-2014-8110 – org.apache.activemq:activemq-client

Package

Manager: maven
Name: org.apache.activemq:activemq-client
Vulnerable Version: >=5.0.0 <5.10.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.05214 pctl0.89559

Details

Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Metadata

Created: 2022-05-14T01:14:52Z
Modified: 2024-03-14T22:46:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9cvr-8xq4-2m73/GHSA-9cvr-8xq4-2m73.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-9cvr-8xq4-2m73
Finding: F008
Auto approve: 1