CVE-2016-0782 – org.apache.activemq:activemq-client
Package
Manager: maven
Name: org.apache.activemq:activemq-client
Vulnerable Version: >=5.0.0 <5.11.4 || >=5.12.0 <5.12.3 || >=5.13.0 <5.13.2
Severity
Level: Medium
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
EPSS: 0.01162 (percentile 0.778)
Details
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
Metadata
Created: 2022-05-14T01:14:51Z
Modified: 2024-03-14T22:38:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8rcq-p4gh-vmj8/GHSA-8rcq-p4gh-vmj8.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-8rcq-p4gh-vmj8
Finding: F425
Auto approve: 1